ColonyCrypt Active
Ransomware group first observed in 2022. Uses nltest for deployment.1
Total Victims
2022-11-01
First Seen
2026-03-06
Last Seen
0
Known TTPs
41.1d
Avg Delay
0
Negotiations
ONION URLS
pllp5or7vp5l7zft5wbngc56a62pnlzpx6m3remf4xuyhfxbpco5642y.onion
TOOLS
nltest
Ligolo
Cobalt Strike
FILE EXTENSIONS
.gone
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| 2026-03-06 | First Holdings | Japan | Agriculture | Removed |
No TTPs data
No YARA rules
No IoCs
No ransom notes