Total Victims: 0
First Seen: 2024-01-01
Last Seen: N/A
Known TTPs: 0
Avg Delay: 13.1d
Negotiations: 0
ONION URLS
TOOLS
Grixba infostealer
FILE EXTENSIONS
.play
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

Type Value Description
btc bc1q96mrjm206r6tikf9oxnizov1bjqixim3e125j9 Bitcoin ransom address observed in Play (2024) attacks
sha1 17c1ec29a2fcc3a10254647178a12917529e2131 Dropper hash observed in Play (2024) attacks
btc bc1qk8vyl591org2nsq4837g3104cp64r6wg0oi54p Infrastructure linked to Play (2024)
btc bc1qe982v8ay4moe5vvp8d3p9ipfa45yt1h41x38ep Bitcoin ransom address observed in Play (2024) attacks
ip 156.193.251.223 C2 server IP observed in Play (2024) attacks
tox 8EF8AABC29626BB14F3EC0FE8F782AF907FD5168B4ED015BAC6B250E88DABB3BB6CAA4CEEA58 Infrastructure linked to Play (2024)
tox 332D365CA74BE5E6D4BD85AE5B1F1EB737EA54D30F1AD202E95DE08ADB8AB01C4FDE85A2ABFC Associated with Play (2024) ransomware

No ransom notes