Is this host protected from Maui Ransomware?

CISA released an advisory in July 2022 on Maui ransomware which has been used by North Korean state-sponsored actors since at least May 2021 to encrypt files in infected hosts. This TTP uses a defanged (non-malicious) version of Maui which can be used to check if the ransomware is detected. Endpoint detection should identify Maui ransomware samples and respond before they can cause damage.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)