PlayCrypt emerged during 2022 in a mysterious way, when german victims started asking on
forums about a “new ransomware that encrypts everything and places a ransom note with
just two lines: the word PLAY and an email which nobody answers to”.
After much speculation and after reversing one of their samples looking for contact details,
DC5411 could establish an initial exchange with the group, obtaining links for their first
onion service (to be aired 72 hs later).
The group used ProxyShell/ProxyNotShell vulnerabilities to gain initial foothold, even when
the later was patched, they had a workaround to keep the vulnerability working.
No Data Found
© ALL RIGHTS RESERVED TO DarkFeed 2023
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |