Zeppelin was one of the most sophisticated and, therefore, expensive ransomware builders put on the underground market. It was one of the first examples of a sophisticated ransomware builder for sale that did not require affiliation with the criminal group in order to operate the ransomware. Because of this, it is impractical to associate “Zeppelin” attacks with any group since their business model essentially made it a Ransomware-as-a-Franchise. 
To learn more about Zeppelin origins and the full technical analysis, please download the report.