Skip to content

<<< Hide Navigation Hide TOC >>>

Playcrypt - S1162 (28ad4983-151e-4e30-9792-768470e92b3e)

Playcrypt is a ransomware that has been used by Play since at least 2022 in attacks against against the business, government, critical infrastructure, healthcare, and media sectors in North America, South America, and Europe. Playcrypt derives its name from adding the .play extension to encrypted files and has overlap with tactics and tools associated with Hive and Nokoyawa ransomware and infrastructure associated with Quantum ransomware.(Citation: Microsoft PlayCrypt August 2022)(Citation: CISA Play Ransomware Advisory December 2023)(Citation: Trend Micro Ransomware Spotlight Play July 2023)

Galaxy ColorsAttack Pat...Malware
Rows: 3
Loading extensions...
Collapse filters
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Cluster A Galaxy A Cluster B Galaxy B Level
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern Playcrypt - S1162 (28ad4983-151e-4e30-9792-768470e92b3e) Malware 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Playcrypt - S1162 (28ad4983-151e-4e30-9792-768470e92b3e) Malware 1
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern Playcrypt - S1162 (28ad4983-151e-4e30-9792-768470e92b3e) Malware 1