ZetaTeam Active
Ransomware group first observed in 2017. Uses ScreenConnect for deployment.1
Total Victims
2017-12-01
First Seen
2026-03-06
Last Seen
0
Known TTPs
37.0d
Avg Delay
0
Negotiations
ONION URLS
2xbat33xknzmmbfiohk2undac2wmk2nrfmvefdclswd6dixskev4pmvz.onion
TOOLS
ScreenConnect
Cobalt Strike
FileZilla
TrickBot
FILE EXTENSIONS
.dark
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| 2026-03-06 | Crown Capital | France | Transportation | Published |
No TTPs data
No YARA rules
No IoCs
No ransom notes