
Ransomfeed

Profile, status and statistics (since 12-01-2020)

Cyber gang details

Gang profile by OSINT sources: [source: 0]

Clop is a ransomware family that appends the .clop extension to the files it encrypts. Another distinctive characteristic is the string "Dont Worry C|0P" included in its ransom notes. It is a variant of the CryptoMix ransomware, but it additionally attempts to disable Windows Defender and to remove Microsoft Security Essentials in order to avoid user space detection.

Alerts:


Statistics
No. of claims | 2024 | 2023 | 2022
524 | 19 | 384 | 121
URLs
Onion source | Last title | Status | Last scrape | Tor version
ekbgzchl6x2ias37.onion | | 🔴 | 01-05-2021 | 2
santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion | DDOS Protection | 🟢 | 27-07-2024 | 3
toznnag5o3ambca56s2yacteu7q7x2avrfherzmz4nmujrjuib4iusad.onion | TORRENT | CL0P^_- LEAKS | 🔴 | 15-07-2024 | 3
Useful material
Research URLs, source: 0
https://actu.fr/normandie/rouen_76540/une-rancon-apres-cyberattaque-chu-rouen-ce-reclament-pirates_29475649.html
https://asec.ahnlab.com/en/19542/
https://asec.ahnlab.com/wp-content/uploads/2021/01/Analysis_ReportCLOP_Ransomware.pdf
https://blog.fox-it.com/2020/11/16/ta505-a-brief-history-of-their-time/
https://blog.sensecy.com/2020/08/20/global-ransomware-attacks-in-2020-the-top-4-vulnerabilities/
https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/
https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/
https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://fourcore.io/blogs/clop-ransomware-history-adversary-simulation
https://github.com/Tera0017/TAFOF-Unpacker
https://github.com/albertzsigovits/malware-notes/blob/master/Clop.md
https://github.com/albertzsigovits/malware-notes/blob/master/Ransomware/Clop.md
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/
https://krebsonsecurity.com/2021/06/ukrainian-police-nab-six-tied-to-clop-ransomware/
https://labs.sentinelone.com/breaking-ta505s-crypter-with-an-smt-solver/
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/23093553/Common-TTPs-of-the-modern-ransomware_low-res.pdf
https://medium.com/@Sebdraven/unpacking-clop-416b83718e0f
https://medium.com/s2wlab/operation-synctrek-e5013df8d167
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
https://research.loginsoft.com/threat-research/taming-the-storm-understanding-and-mitigating-the-consequences-of-cve-2023-27350/
https://securelist.com/modern-ransomware-groups-ttps/106824/
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/clop-ransomware/
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf
https://therecord.media/ukrainian-police-arrest-clop-ransomware-members-seize-server-infrastructure/
https://twitter.com/darb0ng/status/1338692764121251840
https://unit42.paloaltonetworks.com/clop-ransomware/
https://vulnerability.ch/2021/04/ransomware-and-date-leak-site-publication-time-analysis/
https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf
https://www.advanced-intel.com/post/adversarial-perspective-advintel-breach-avoidance-through-monitoring-initial-vulnerabilities
https://www.binance.com/en/blog/421499824684902240/Binance-Helps-Take-Down-Cybercriminal-Ring-Laundering-%24500M-in-Ransomware-Attacks
https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-is-back-hits-21-victims-in-a-single-month/
https://www.bleepingcomputer.com/news/security/cryptomix-clop-ransomware-says-its-targeting-networks-not-computers/
https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/
https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-worm-to-clop-ransomware-attacks/
https://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/
https://www.bleepingcomputer.com/news/security/ransomware-gang-urges-victims-customers-to-demand-a-ransom-payment/
https://www.bleepingcomputer.com/news/security/ta505-hackers-behind-maastricht-university-ransomware-attack/
https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/
https://www.boho.or.kr/filedownload.do?attach_file_seq=2808&attach_file_id=EpF2808.pdf
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2020.pdf?__blob=publicationFile&v=2
https://www.carbonblack.com/blog/cb-tau-threat-intelligence-notification-cryptomix-clop-ransomware-disables-startup-repair-removes-edits-shadow-volume-copies/
https://www.cert.ssi.gouv.fr/cti/CERTFR-2019-CTI-009/
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-006.pdf
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-009.pdf
https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound
https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware
https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/
https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html
https://www.flashpoint-intel.com/blog/cl0p-and-revil-escalate-their-ransomware-tactics/
https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/2297.do
https://www.hornetsecurity.com/en/security-information/clop-clop-ta505-html-malspam-analysis/
https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/
https://www.mandiant.com/resources/financially-motivated-actors-are-expanding-access-into-ot
https://www.mandiant.com/resources/mandiant-red-team-emulates-fin11-tactics
https://www.notion.so/S2W-LAB-Analysis-of-Clop-Ransomware-suspiciously-related-to-the-Recent-Incident-English-088056baf01242409a6e9f844f0c5f2e
https://www.notion.so/S2W-LAB-Analysis-of-Clop-Ransomware-suspiciously-related-to-the-Recent-Incident-c26daec604da4db6b3c93e26e6c7aa26
https://www.npu.gov.ua/news/kiberzlochini/kiberpolicziya-vikrila-xakerske-ugrupovannya-u-rozpovsyudzhenni-virusu-shifruvalnika-ta-nanesenni-inozemnim-kompaniyam-piv-milyarda-dolariv-zbitkiv/
https://www.prodaft.com/m/reports/TeslaGun_TLPWHITE.pdf
https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html
https://www.secureworks.com/research/threat-profiles/gold-tahoe
https://www.splunk.com/en_us/blog/security/clop-ransomware-detection-threat-research-release-april-2021.html
https://www.splunk.com/en_us/blog/security/detecting-clop-ransomware.html
https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104
https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-s-box-of-chocolate-597672
https://www.telekom.com/en/blog/group/article/eager-beaver-a-short-overview-of-the-restless-threat-actor-ta505-609546
https://www.telekom.com/en/blog/group/article/inside-of-cl0p-s-ransomware-operation-615824
https://www.trendmicro.com/en_in/research/21/k/global-operations-lead-to-arrests-of-alleged-members-of-gandcrab.html
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-double-extortion-and-beyond-revil-clop-and-conti
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-clop
https://www.vice.com/en/article/wx5eyx/meet-the-ransomware-gang-behind-one-of-the-biggest-supply-chain-hacks-ever
https://www.youtube.com/watch?v=PqGaZgepNTE
https://www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/
https://www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/
https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/
Ransom notes

This script collects every criminal claim exactly as published by the sources ("As Is" model) in an SQL database to create a permanent feed, which can also be followed via RSS.
The engine is based on the ransomFeed project, a fork on GitHub.