play Unknown
Dettagli
Initially observed in June 2022, the Play ransomware (a.k.a PlayCrypt) operates through double extortion, targeting numerous organizations in Latin America. Its Initial Access method is quite similar to other ransomwares, involving attacks such as Phishing, Exposed Services to the Internet, and Valid Account compromises.<br> <br> On April 19, 2023, the security company Symantec published two new tools developed by the Play group. These tools allow the malicious actor to enumerate and exfiltrate data from the internal network. The post mentions the following: 'Play threat actors use the .NET infostealer to enumerate software and services via WMI, WinRM, Remote Registry, and Remote Service. The malware checks for the existence of security and backup software, as well as remote administration tools and other programs, saving the information in .CSV files that are compressed into a .ZIP file for later manual exfiltration by threat actors.'Source: https://github.com/crocodyli/ThreatActors-TTPs
Leak Site
Onion URL:
http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/index.php?page=13
Vittime per Paese
Vittime Ransomware 10
| Vittima | Paese | Settore | Data Scoperta |
|---|---|---|---|
| T a Solberg | 🇳🇴 NO | Not Found |
06/03/2026 21:19 14 ore fa |
| Don E Bower | 🇺🇸 US | Construction |
06/03/2026 21:18 14 ore fa |
| Design To Print | 🇺🇸 US | Manufacturing |
06/03/2026 21:17 14 ore fa |
| Select Tool | 🇨🇦 CA | Manufacturing |
06/03/2026 21:17 14 ore fa |
| DFW Aero Mechanix | 🇺🇸 US | Transportation/Logistics |
06/03/2026 21:16 14 ore fa |
| Garland Williams & Associates | - | Not Found |
06/03/2026 21:16 14 ore fa |
| Equine Canada | 🇨🇦 CA | Not Found |
03/03/2026 20:11 3 giorni fa |
| GapVax | 🇺🇸 US | Manufacturing |
03/03/2026 20:10 3 giorni fa |
| Gordon/Clifford Realty | 🇺🇸 US | Business Services |
02/03/2026 21:50 4 giorni fa |
| Cabka | 🇩🇪 DE | Manufacturing |
02/03/2026 21:50 4 giorni fa |
Metadata
Slug:
play
Created: 14/01/2026 08:19
Updated: 07/03/2026 04:00