PanelActoresCampanasMapaTTPs
Panel » Actores » zeon
ArsenalExploitsTTP MatrixKillChainMapaActoresSSLBLRansomLookRansomwhereAlertasCyberNews
zeon logo

zeon

1 incidentes 0 paises 0 sectores ransomware RU Ultimo: 2026-06-25
Ver en IntelTracker → APTTrail →
Zeon is a ransomware group that first emerged in late January 2022 as a low-sophistication, commodity-level threat. Its primary motivation was financial extortion, targeting businesses to demand cryptocurrency payments. The group distinguished itself by utilizing custom, Python-based ransomware executables, often obfuscated with pyArmor, and by implementing double extortion tactics, threatening to publish exfiltrated data if ransom demands were not met. Zeon operated under this name until September 2022, when it rebranded as Royal ransomware, integrating actors previously associated with Conti and TrickBot malware, and maintaining a private coding and infrastructure model rather than a Ransomware-as-a-Service (RaaS) operation.
Tecnicas MITRE
T1486, T1078, T1489, T1027, T1190

RansomLook pivots

Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.

Abrir perfil →
Data
RecentBrowseTrendingStats
Intel
GroupURLsCryptoLeaksNotesAnalysesTorrents
Info
APIGlossaryAbout
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises objetivo (SOCRadar)

ArgentinaAustraliaBelgiumBrazilCanadaSwitzerlandGermanyEgyptSpainFinland

Sectores objetivo (SOCRadar)

Construction of BuildingsFood ManufacturingSoftware PublishersReal EstateHospitalsEnterprises & HoldingAccommodationAir TransportationManufacturingConstruction

URLs nuevas detectadas en IntelTracker

ransomware.anggipradana.com