
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Clop

Names: Clop, Cl0p
Category: Malware
Type: Ransomware, Big Game Hunting
Description: Clop is ransomware that appends the .clop extension to the victim's files after encrypting them. Another characteristic unique to Clop is the string 'Dont Worry C|0P' included in the ransom notes. It is a variant of CryptoMix ransomware, but it additionally attempts to disable Windows Defender and to remove Microsoft Security Essentials in order to avoid user space detection.
Information:
<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/>
<https://www.bleepingcomputer.com/news/security/clop-ransomware-now-kills-windows-10-apps-and-3rd-party-tools/>
<https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104>
<https://www.cybereason.com/blog/cybereason-vs.-clop-ransomware>
<https://www.notion.so/S2W-LAB-Analysis-of-Clop-Ransomware-suspiciously-related-to-the-Recent-Incident-English-088056baf01242409a6e9f844f0c5f2e>
<https://www.telekom.com/en/blog/group/article/inside-of-cl0p-s-ransomware-operation-615824>
<https://blog.malwarebytes.com/malwarebytes-news/2021/02/clop-targets-execs-ransomware-tactics-get-another-new-twist/>
<https://unit42.paloaltonetworks.com/clop-ransomware/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.clop>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Clop>

Last change to this tool card: 23 April 2021


All groups using tool Clop

Changed | Name | Country | Observed

APT groups

 | FIN11 | [Unknown] | 2016-Jun 2021 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
