0 attributed CVEs
35 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
— years active
About this actor
[Play](https://attack.mitre.org/groups/G1040) is a ransomware group that has been active since at least 2022 deploying [Playcrypt](https://attack.mitre.org/software/S1162) ransomware against the business, government, critical infrastructure, healthcare, and media sectors in North America, South America, and Europe. [Play](https://attack.mitre.org/groups/G1040) actors employ a double-extortion model, encrypting systems after exfiltrating data, and are presumed by security researchers to operate as a closed group.(Citation: CISA Play Ransomware Advisory December 2023)(Citation: Trend Micro Ransomware Spotlight Play July 2023)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 22 / 35 | 63% |
| CM-6 | 20 / 35 | 57% |
| AC-3 | 17 / 35 | 49% |
| AC-6 | 17 / 35 | 49% |
| CM-2 | 17 / 35 | 49% |
| SI-3 | 16 / 35 | 46% |
| AC-2 | 15 / 35 | 43% |
| AC-5 | 14 / 35 | 40% |
| CA-7 | 13 / 35 | 37% |
| CM-7 | 12 / 35 | 34% |
| IA-2 | 12 / 35 | 34% |
| CM-5 | 11 / 35 | 31% |
| SI-7 | 10 / 35 | 29% |
| SC-7 | 9 / 35 | 26% |
| AC-17 | 8 / 35 | 23% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- FIN8 0.38
- Aquatic Panda 0.38
- Operation Wocao 0.33
- MirrorFace 0.32
- Cutting Edge 0.31