CL0P ransomware group

GPTKB entity

Statements (87)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:alsoKnownAs gptkb:Clop
gptkbp:connectsTo gptkb:FIN11
gptkbp:exploits phishing emails
    malicious attachments
    zero-day vulnerabilities
gptkbp:firstAppearance 2019
https://www.w3.org/2000/01/rdf-schema#label CL0P ransomware group
gptkbp:language gptkb:Russian
gptkbp:mainActivity ransomware attacks
gptkbp:monitors gptkb:CISA
    gptkb:Europol
    gptkb:FBI
    Cybersecurity researchers
gptkbp:notableBattle Shell attack
    Accellion FTA breach
    MOVEit Transfer breach
gptkbp:notableFor 2020
    2021
    2023
gptkbp:operates ransomware-as-a-service
gptkbp:publiclyNamedBy gptkb:Kaspersky
    gptkb:Microsoft
    gptkb:Group-IB
    gptkb:CrowdStrike
    gptkb:ESET
    gptkb:FireEye
    gptkb:Mandiant
    gptkb:BleepingComputer
    gptkb:Symantec
    gptkb:Check_Point
    gptkb:Trend_Micro
    gptkb:Recorded_Future
    gptkb:Sophos
    Unit 42
    Coveware
    The Hacker News
gptkbp:publishesDataOn dark web leak sites
gptkbp:ransomwareFamily gptkb:Clop
    CryptoMix
    CryptoWall
gptkbp:requires cryptocurrency ransom payments
gptkbp:suspectedOrigin gptkb:Eastern_Europe
gptkbp:tactics data exfiltration
    double extortion
gptkbp:target gptkb:Kroger
    gptkb:Stanford_University
    gptkb:University_of_California
    gptkb:government
    gptkb:Morgan_Stanley
    gptkb:Shell
    gptkb:Flagstar_Bank
    gptkb:Jones_Day
    gptkb:Qualys
    Government agencies
    Retailers
    Universities
    Bombardier
    education sector
    healthcare sector
    organizations worldwide
    Hospitals
    government entities
    Law firms
    Energy companies
gptkbp:threats high
gptkbp:uses gptkb:Linux_systems
    gptkb:Bitcoin
    gptkb:Tor_network
    gptkb:Cobalt_Strike
    gptkb:Mimikatz
    gptkb:Monero
    PowerShell scripts
    cryptocurrency wallets
    remote desktop software
    RDP brute force
    Windows systems
    web shell
    Active Directory exploitation
    SDBot
    anonymous email services
    data compression tools
    file transfer tools
    network reconnaissance tools
gptkbp:usesMalware Clop ransomware
gptkbp:bfsParent gptkb:2023_US_government_agencies_hack
gptkbp:bfsLayer 7