Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

joycity

joycity.com
Group Auditteam
Discovered 2026-04-08 15:57 UTC
Est. attack date 2026-03-05
Country KR

Description:

Joycity is a prominent South Korean game developer and publisher founded in 1994 and listed on the KOSDAQ. Renowned for its innovation and global reach, the company originally pioneered the hip-hop-themed sports genre with its self-developed FreeStyle series, which became a cultural milestone for players across Asia. In the mobile era, Joycity successfully pivoted to the Strategy (SLG) genre, producing high-revenue titles like Gunship Battle: Total Warfare and Pirates of the Caribbean: Tides of War, with international markets consistently accounting for over 70% of its total revenue. Currently, Joycity is actively expanding into Web3 technologies and major cross-platform projects. Its blockbuster collaboration with Capcom and Aniplex, Resident Evil Survival Unit, has already surpassed 5 million global downloads as of early 2026, demonstrating the company’s robust R&D and operational expertise in managing world-class intellectual properties.
Infostealer activity detected by HudsonRock

Compromised Employees: 12

Compromised Users: 1174

Third Party Employee Credentials: 11

External Attack Surface: 106

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainJOYCITY.CO.KR
  • domainjoycity.com
  • abuseinames.co.kr
MX Records
  • mail.joycity.com.
  • smtp.joycity.com.
  • joycity-com.mail.protection.outlook.com. Microsoft 365
TXT Records
  • google-site-verification=K9QMvVGv7Bj3S2Tnb2R-pFJlkn4PvGvcEq2BgKQu2D8
  • google-site-verification=WzLXLmgxRV7I4PJBcots-V-FUnDB1eVASR6tL5m19Yk
  • h9pAuOM1k8i4nuemkIxvfOR3keBjaG9XVnRXTo+9Qk+SYAa7e7XKPX3NtSSPViyiSWxpolUxcQ1ZKQpOSQ4AQQ==
  • google-site-verification=JV7AgG3RBXTpTggPrDGthbCXWiDPXr87EcwniLPJi-M
  • _globalsign-domain-verification=G4763G2CK8iRKJU_F4YR74IED_sTQEGMPejWXgXEs3
  • 2thBLeGBH3SjRY7gTIeLbxpR6rhCwe71qG+zsukMYMUxSZqHIzIbBSc7DtqWtLrviG/brg68v/qMKG5mnzsUhw==
  • _globalsign-domain-verification=Stb19Zz6H45je6kkRq6T6zfbx8dNK7J5IqiZtnwBJa
  • amazonses:R9Pyc5b4ixBVGQ68roomqC2/SsbHIIwQ8aXA4YO8i2k=
  • tiktok-developers-site-verification=GW38U5huICVabaEr8jn1xNeqX59NnXvW
  • notion-domain-verification=e9Zrgczi670x3enc1ckE7fiMeqgUAhzUNyM8e3objuB
  • 03214ac4107a9f3141fb2557d68fbca5e41a2765a5614660ad4a874723dbcbba
  • MS=ms98667811
  • amazonses:ea/yEknwxDKHqWp2ezzVua/JhiWADuPjxlGi+CFpHx4=
  • notion-domain-verification=5WZzPRszBhoA0Ves31RuSPuDyHALyYlnBfMPLGxgaFu
  • v=spf1 include:spf.protection.outlook.com include:amazonses.com include:spf.maillink.co.kr ip4:61.43.45.2 ip4:61.43.45.143 ip4:61.43.46.99 ip4:61.43.45.221 ip4:61.43.45.222 ip4:13.230.88.247 ip4:52.79.78.28 ~all
Cloud / SaaS Services Detected
Amazon SES/WorkMail Global Sign Microsoft 365

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.