PanelActoresCampanasMapaTTPs
Panel » Actores » threeam
ArsenalExploitsTTP MatrixKillChainMapaActoresSSLBLRansomLookRansomwhereAlertasCyberNews
threeam logo

threeam

24 incidentes 5 paises 5 sectores ransomware RU Ultimo: 2026-06-25
Aliases: Time 3AM
Ver en IntelTracker → APTTrail →
Threeam, also known as 3AM, is a ransomware group that first appeared in February 2023, though its operations gained broader attention later that year. The group's primary motivation is financial gain through aggressive ransom demands and double extortion tactics. It notably emerged as a secondary payload, often deployed by affiliates when primary ransomware, such as LockBit, failed during initial attacks. This characteristic, along with its unique implementation in the Rust programming language for enhanced speed and stealth, sets threeam apart from many other ransomware operations. It is assessed with moderate confidence to be of Russian origin, given observed language use and connections to other Russia-linked ransomware operations like LockBit. The group is also associated with BlackSuit ransomware and has links to core elements of the disbanded Conti group.
Tecnicas MITRE
T1584, T1486, T1021, T1071.001, T1078.001, T1566.002

RansomLook pivots

Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.

Abrir perfil →
Data
RecentBrowseTrendingStats
Intel
GroupURLsCryptoLeaksNotesAnalysesTorrents
Info
APIGlossaryAbout
Victimas
23
TTPs unicas
1
Info robada historica
9 MB
Rescates reclamados
N/D
Pagos detectados
N/D

TTPs observadas

T1566 Phishing

Paises afectados

United States (11) Vietnam (2) Netherlands (1) Germany (1) Croatia (1)

Paises objetivo (SOCRadar)

AustraliaBangladeshBrazilCanadaGermanyEcuadorSpainFinlandFranceUnited Kingdom

Sectores atacados

Business Services (2) Technology (3) Public Sector (2) Healthcare (3) Agriculture and Food Production (1)

Sectores objetivo (SOCRadar)

Construction of BuildingsAccommodationManufacturingConstructionElectrical Equipment, Appliance, and Component ManufacturingPublic AdministrationOil & GasEducational ServicesRepair&MaintenanceSpace & Defense

URLs nuevas detectadas en IntelTracker

ransomware.anggipradana.com threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion

Victimas (23)

mgrlaw.com12 Jun 2026
Ransomware United States Business Services
Resumen El grupo threeam ha reportado un ataque de ransomware contra el dominio mgrlaw.com, una firma legal especializada en familia, divorcios y prob…
hoplongtech.com12 Jun 2026
Ransomware Vietnam Technology
Resumen hoplongtech.com ha sido alerta de ransomware relacionada con el grupo threeam. La empresa, especializada en distribución de equipos automatiza…
Ransomware Victim: jetmachprod.com (threeam)12 Jun 2026
Ransomware United States Manufacturing
jetmachprod.com Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam Pais SectorManufacturing Fecha2026-06-12T20:07:11.…
Ransomware Victim: jastrebarsko.hr (threeam)12 Jun 2026
Ransomware Croatia
jastrebarsko.hr Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisHR SectorNot Found Fecha2026-06-12T20:06:29.88…
Ransomware Victim: palmero.com (threeam)12 Jun 2026
Ransomware United States Manufacturing
palmero.com Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam Pais SectorNot Found Fecha2026-06-12T20:05:59.594854+0…
Ransomware Victim: insamani.com.ar (threeam)12 Jun 2026
Ransomware Argentina
insamani.com.ar Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisAR SectorNot Found Fecha2026-06-12T20:05:28.02…
Ransomware Victim: bsynchro.com (threeam)12 Jun 2026
Ransomware Technology
bsynchro.com Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisDE SectorTechnology Fecha2026-06-12T20:04:55.9808…
Ransomware Victim: molinoscabodi.com.ar (threeam)12 Jun 2026
Ransomware United States Food
molinoscabodi.com.ar Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisAR SectorAgriculture and Food Production …
Ransomware Victim: ws.com.br (threeam)12 Jun 2026
Ransomware Brazil Government
ws.com.br Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisBR SectorBusiness Services Fecha2026-06-12T20:03:53.…
Ransomware Victim: consultic.be (threeam)12 Jun 2026
Ransomware
consultic.be Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisBE SectorBusiness Services Fecha2026-06-12T20:03:…
Ransomware Victim: amc.org.au (threeam)12 Jun 2026
Ransomware Australia Medical
amc.org.au Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisAU SectorNot Found Fecha2026-06-12T20:02:17.215389+…
Ransomware Victim: agroexportavocados.com (threeam)12 Jun 2026
Ransomware Food
agroexportavocados.com Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisMX SectorAgriculture and Food Productio…
Ransomware Victim: hoplongtech.com (threeam)12 Jun 2026
Ransomware Vietnam Technology
hoplongtech.com Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisVN SectorTechnology Fecha2026-06-12T20:00:34.9…
Ransomware Victim: mgrlaw.com (threeam)12 Jun 2026
Ransomware Law
mgrlaw.com Victima de ransomware reportada en el dashboard de threeam. CampoValor Grupothreeam PaisUS SectorBusiness Services Fecha2026-06-12T19:59:43…
wyomingcountyny.gov1 May 2026
Ransomware United States Public Sector
Resumen wyomingcountyny.gov fue afectado por un ataque de ransomware atribuido al grupo threeam, según reportes de mayo de 2026. El incidente puso en …
townofnorwell.net1 May 2026
Ransomware United States Public Sector
Resumen Se ha reportado una alerta de ransomware relacionada con el dominio townofnorwell.net, atribuida al grupo cybercriminal threeam. La incidencia…
sequoiadental.com1 May 2026
Ransomware United States Healthcare
Resumen sequoiadental.com ha sido identificada como una víctima de un ataque de ransomware atribuido al grupo malicioso threeam. La alerta, publicada …
curedentalbeltontx.com1 May 2026
Ransomware United States Healthcare
Resumen El día 1 de mayo de 2026 se reportó un ataque de ransomware en la empresa curedentalbeltontx.com, operadora en el sector de oficinas dentales.…
austinplasticandreconstructivesurgery.com1 May 2026
Ransomware United States Healthcare
Resumen austinplasticandreconstructivesurgery.com fue identificada como una víctima de un ataque ransomware atribuido al grupo threeam. El incidente o…
hsjlawyers.com1 May 2026
Ransomware United States Business Services
Resumen El 1 de mayo de 2026 se reportó un ataque de ransomware contra la empresa legal hsjlawyers.com, una firma ubicada en Prince George, British Co…
bun.nl1 May 2026
Ransomware Netherlands Agriculture and Food Production
Resumen Se ha detectado una alerta de ransomware relacionada con el dominio bun.nl, vinculado al grupo cibernético threeam. La empresa Bun, especializ…
ic-controls.com1 May 2026
Ransomware Germany Manufacturing
Resumen El 1 de mayo de 2026 se reportó una alerta de ransomware relacionada con el grupo threeam, afectando a la empresa ic-controls.com. La organiza…
aceforwarding.com19 Nov 2025
Ransomware United States Transportation/Logistics
Resumen Una alerta de ransomware ha sido publicada relacionada con el dominio aceforwarding.com, asociado al grupo cibernético threeam. La alerta fue …