Closed JMousqueton closed 1 year ago
Thanks @JMousqueton - I've not been able to get your parser going, I'll look into it later. It throws out a `repetition-operator operand invalid` for me. #37
Check here: https://github.com/JMousqueton/ransomwatch/blob/main/parsers.py
I had to “double protect” with a double `\`.
It works for me.
host location
http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion
group name
Play
group information
On Jun 22, 2022, in the BleepingComputer forum, someone wrote that his files were encrypted with the extension “Play.” Afterward, Trend Micro published an analysis article about the new ransomware variant, Play Ransomware. Even though they seem like a new ransomware group, their identified TTPs look like those of the Hive and Nokoyawa ransomware families. One of the behaviors that makes them look similar is that they use AdFind, a command-line query tool capable of collecting information from Active Directory.
host
v3 (onion)
parser