Malware: Clop

Description

[Clop](https://attack.mitre.org/software/S0611) is a ransomware family that was first observed in February 2019 and has been used against retail, transportation and logistics, education, manufacturing, engineering, automotive, energy, financial, aerospace, telecommunications, professional and legal services, healthcare, and high tech industries. [Clop](https://attack.mitre.org/software/S0611) is a variant of the CryptoMix ransomware.(Citation: Mcafee Clop Aug 2019)(Citation: Cybereason Clop Dec 2020)(Citation: Unit42 Clop April 2021)

External References

• mitre-attack
• Mcafee Clop Aug 2019
• Cybereason Clop Dec 2020
• Unit42 Clop April 2021

Techniques Used by This Malware

• T1027.002 — Software Packing
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1083 — File and Directory Discovery
• T1106 — Native API
• T1112 — Modify Registry
• T1135 — Network Share Discovery
• T1140 — Deobfuscate/Decode Files or Information
• T1218.007 — Msiexec
• T1486 — Data Encrypted for Impact
• T1489 — Service Stop
• T1490 — Inhibit System Recovery
• T1497.003 — Time Based Evasion
• T1518.001 — Security Software Discovery
• T1553.002 — Code Signing
• T1562.001 — Disable or Modify Tools
• T1614.001 — System Language Discovery

APT Groups Using This Malware

• TA505