Play
[Play](https://attack.mitre.org/groups/G1040) is a ransomware group that has been active since at least 2022, deploying [Playcrypt](https://attack.mitre.org/software/S1162) ransomware against the business, government, critical infrastructure, healthcare, and media sectors in North America, South America, and Europe. [Play](https://attack.mitre.org/groups/G1040) actors employ a double-extortion model, encrypting systems after exfiltrating data, and are presumed by security researchers to operate as a closed group.(Citation: CISA Play Ransomware Advisory December 2023)(Citation: Trend Micro Rans...
Techniques: 26
Covered: 26
Gaps: 0
Coverage: 100% (26/26)
COVERED (26)

| Technique | Name | Detections |
| --- | --- | --- |
| T1003.001 | LSASS Memory | 105 |
| T1016 | System Network Configuration Discovery | 35 |
| T1018 | Remote System Discovery | 46 |
| T1021.002 | SMB/Windows Admin Shares | 67 |
| T1027.010 | Command Obfuscation | 31 |
| T1030 | Data Transfer Size Limits | 6 |
| T1048 | Exfiltration Over Alternative Protocol | 31 |
| T1057 | Process Discovery | 18 |
| T1059.001 | PowerShell | 338 |
| T1059.003 | Windows Command Shell | 79 |
| T1070.001 | Clear Windows Event Logs | 15 |
| T1070.004 | File Deletion | 40 |
| T1078 | Valid Accounts | 252 |
| T1078.002 | Domain Accounts | 26 |
| T1078.003 | Local Accounts | 23 |
| T1082 | System Information Discovery | 80 |
| T1083 | File and Directory Discovery | 48 |
| T1105 | Ingress Tool Transfer | 170 |
| T1133 | External Remote Services | 72 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1518.001 | Security Software Discovery | 8 |
| T1560.001 | Archive via Utility | 24 |
| T1562.001 | Disable or Modify Tools | 300 |
| T1587.001 | Malware | 9 |
| T1588.002 | Tool | 13 |
| T1657 | Financial Theft | 12 |