Prolific Puma is a threat actor known for its malicious activities and its discerning client selection process. The group has been linked to various cyber attacks, and its services are sought by other threat actors, such as the Play ransomware group, to improve their ability to circumvent defensive security protocols. Evidence suggests a connection between the two: the IP address hosting the Play ransomware and another IP associated with Prolific Puma share the same autonomous system number (ASN). The overlap extends to several domains associated with both parties, further strengthening the link.
A detailed comparison of the IP addresses related to the Play ransomware and Prolific Puma reveals striking similarities. Both IPs resolve to multiple domains registered by Prolific Puma, suggesting that the group may have played a significant role in the ransomware's deployment. Furthermore, a shortened link created by Prolific Puma correlates with the observed IP address associated with Play ransomware, providing additional evidence of their collaboration.
Moreover, the Coroxy backdoor, a notorious cybersecurity threat, has also been connected to Prolific Puma. The IP address that this backdoor connects to resolves to different domains that match those registered by Prolific Puma. Given the established reputation of Prolific Puma and the breadth of its registered domains, it is clear that the group poses a substantial cybersecurity risk. Its strategic partnerships with other threat actors such as the Play ransomware group highlight its influence and reach within the cybercrime ecosystem.
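The infrastructure-overlap reasoning used above (shared ASN, plus IPs resolving to actor-registered domains) can be expressed as a small correlation check. This is an added example, not tooling from the original description; every IP, ASN and domain is constructed sample data, and the `strength` labels are an assumed grading that treats a shared ASN alone as weak evidence.

```python
from dataclasses import dataclass

# Constructed sample data: documentation-range IPs, private-use ASNs, .example domains.
IP_ASN = {"203.0.113.10": 64500, "203.0.113.77": 64500,
          "203.0.113.200": 64500, "198.51.100.5": 64501}
PASSIVE_DNS = [  # (domain, ip) pairs as a passive DNS export would list them
    ("ab1.example", "203.0.113.10"), ("QZ9.example.", "203.0.113.10"),
    ("qz9.example", "203.0.113.77"), ("kk3.example", "203.0.113.77"),
    ("blog.example", "203.0.113.200"), ("shop.example", "198.51.100.5"),
]
# Domains already attributed to the actor through registration data (assumed input).
ACTOR_DOMAINS = {"ab1.example", "qz9.example", "kk3.example"}


@dataclass
class Link:
    same_asn: bool
    actor_domains_a: set   # actor-registered domains seen on the first IP
    actor_domains_b: set   # actor-registered domains seen on the second IP
    shared_domains: set    # domains that resolved to both IPs
    strength: str


def domains_for(ip):
    """Normalised set of domains observed resolving to one IP."""
    return {d.lower().rstrip(".") for d, addr in PASSIVE_DNS if addr == ip}


def assess(ip_a, ip_b):
    """Grade how strongly two IPs are tied to the same actor infrastructure."""
    a, b = domains_for(ip_a), domains_for(ip_b)
    asn_a, asn_b = IP_ASN.get(ip_a), IP_ASN.get(ip_b)
    same_asn = asn_a is not None and asn_a == asn_b
    actor_a, actor_b = a & ACTOR_DOMAINS, b & ACTOR_DOMAINS
    if actor_a and actor_b:
        # Both IPs served actor-registered domains; the ASN match only adds weight.
        strength = "strong" if same_asn else "moderate"
    elif same_asn:
        # A single ASN hosts many unrelated tenants, so this alone proves little.
        strength = "weak"
    else:
        strength = "none"
    return Link(same_asn, actor_a, actor_b, a & b, strength)


if __name__ == "__main__":
    for pair in [("203.0.113.10", "203.0.113.77"), ("203.0.113.10", "203.0.113.200")]:
        print(pair, assess(*pair))
```
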
Description last updated: 2024-08-14T09:47:44.852Z