| Alias Description | Votes |
|---|---|
| CVE-2023-34362 is a possible alias for Clop. CVE-2023-34362 is a critical software vulnerability found in Progress Software's managed file transfer (MFT) solution, MOVEit Transfer. This flaw was an SQL injection vulnerability that allowed for escalated privileges and unauthorized access. The vulnerability became active on May 27, 2023, when it | 13 |
| TA505 is a possible alias for Clop. TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec | 9 |
| Clop Ransomware Group is a possible alias for Clop. The Clop ransomware group, a malicious threat actor in the cybersecurity landscape, has been actively exploiting vulnerabilities in software to execute their attacks. The group is known for its harmful activities that involve the execution of actions with malicious intent. They could be individuals, | 8 |
| Truebot is a possible alias for Clop. Truebot is a malicious software (malware) utilized by the CL0P actors, designed to exploit and damage computer systems. This malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Truebot serves multiple purposes: it can dow | 7 |
| fin11 is a possible alias for Clop. FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste | 7 |
| Lace Tempest is a possible alias for Clop. Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi | 6 |
| cl0p group is a possible alias for Clop. The Cl0p group, a threat actor in the cybersecurity landscape, has been responsible for a significant surge in ransomware attacks. This group notably exploited a previously unknown SQL injection (SQLi) vulnerability in MOVEit's file-transfer application to steal data from companies. In 2023, they br | 5 |
| truebot malware is a possible alias for Clop. Truebot malware is a malicious software that infiltrates computer systems, often without the user's knowledge, to exploit and damage the device. It was primarily delivered by cyber threat actors via malicious phishing email attachments, but newer versions observed in 2023 also gained initial access | 4 |
| Blackbasta is a possible alias for Clop. BlackBasta is a notorious malware, particularly known for its ransomware attacks. The group behind it has been linked with other harmful software such as IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. Artifacts and indicators of compromise (IoCs) suggest a possible relation | 3 |
| cl0p is a possible alias for Clop. Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at | 2 |
| Snakefly is a possible alias for Clop. Snakefly, also known as FIN11 and TA505, is a threat actor known for its malicious activities primarily aimed at organizations in North America and Europe. The group is financially motivated and has been active since at least early 2019. Snakefly is particularly associated with the deployment of Cl0 | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Lockbit Malware is associated with Clop. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit | is related to | 16 |
| The Akira Malware is associated with Clop. Akira is a potent ransomware that has been active since 2023, known for its aggressive encryption tactics and swift deployment. This malware, which brings a unique '80s aesthetic to the dark web, has quickly risen in prominence within the cybercrime landscape. It has targeted hundreds of victims glo | Unspecified | 6 |
| The Conti Malware is associated with Clop. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra | Unspecified | 5 |
| The Lemurloot Malware is associated with Clop. LemurLoot is a malicious software, or malware, specifically a web shell written in C# that targets the MOVEit Transfer platform. It was developed and deployed by the CL0P ransomware group to exploit vulnerabilities in systems and steal data. In May 2023, the group exploited a SQL injection zero-day | Unspecified | 5 |
| The Black Basta Malware is associated with Clop. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 4 |
| The Nokoyawa Malware is associated with Clop. Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStri | is related to | 4 |
| The FlawedGrace Malware is associated with Clop. FlawedGrace is a notorious malware, a remote access trojan (RAT), that has been used extensively in cyberattacks. It was first brought to light in June 2023 when The DFIR Report revealed its use in Truebot operations. In these operations, following the successful download of a malicious file, Truebo | Unspecified | 3 |
| The REvil Malware is associated with Clop. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th | Unspecified | 3 |
| The FlawedAmmyy Malware is associated with Clop. FlawedAmmyy is a notable malware, specifically a Remote Access Trojan (RAT), that has been leveraged by threat actors for malicious purposes. The malware is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites unbeknownst to the user. | Unspecified | 3 |
| The Maze Malware is associated with Clop. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release | Unspecified | 3 |
| The IceFire Malware is associated with Clop. IceFire is a malicious software (malware) that has been detected as part of the Linux ransomware family. It was initially known for attacking Windows systems, but recent developments have seen it expand its reach to both Linux and Windows systems. The shift by IceFire to target Linux systems worldwi | Unspecified | 3 |
| The Raspberry Robin Malware is associated with Clop. Raspberry Robin is a sophisticated malware that uses advanced techniques to infiltrate and exploit computer systems. The malicious software is designed to stealthily enter a system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can wreak havoc by st | Unspecified | 3 |
| The Hive Malware is associated with Clop. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | Unspecified | 3 |
| The Qbot Malware is associated with Clop. Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi | Unspecified | 2 |
| The Get2 Malware is associated with Clop. Get2 is a type of malware, harmful software designed to infiltrate and damage computer systems or devices. It can be unknowingly downloaded through suspicious emails, downloads, or websites, enabling it to steal personal information, disrupt operations, or hold data hostage for ransom. Among the mos | Unspecified | 2 |
| The Dewmode Malware is associated with Clop. DEWMODE is a malicious web shell malware, written in PHP, designed to interact with MySQL databases and specifically target Accellion FTA devices. It operates by infiltrating the compromised network and exfiltrating data. During 2020-2021, threat actor group TA505 exploited several zero-day vulnerab | Unspecified | 2 |
| The IcedID Malware is associated with Clop. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d | Unspecified | 2 |
| The Meterpreter Malware is associated with Clop. Meterpreter is a type of malware that acts as an attack payload within the Metasploit framework, providing threat actors with an interactive shell to control and execute code on a compromised system. The malware is often deployed covertly through suspicious downloads, emails, or websites. Once insta | Unspecified | 2 |
| The Ryuk Malware is associated with Clop. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves | Unspecified | 2 |
| The Cactus Malware is associated with Clop. Cactus is a type of malware, specifically ransomware, known for its malicious activities including data theft and system disruption. This malware has been linked to several high-profile attacks, spreading primarily through malvertising campaigns that leverage the DanaBot Trojan. Notably, the Cactus | Unspecified | 2 |
| The Royal Ransomware Malware is associated with Clop. Royal Ransomware is a form of malware that was active from September 2022 through June 2023. This malicious software, designed to exploit and damage computers or devices, would infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it could stea | Unspecified | 2 |
| The Karakurt Malware is associated with Clop. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a | Unspecified | 2 |
| The Sdbot Malware is associated with Clop. SDBot is a malicious software, or malware, that has been leveraged by threat actors known as TA505 and CL0P to exploit vulnerabilities in computer systems. It is used as a backdoor to enable the execution of commands and functions in the compromised computer, often without the user's knowledge. The | Unspecified | 2 |
| The Tinymet Malware is associated with Clop. TinyMet is a type of malware, specifically a tiny, flexible Meterpreter stager, that can infiltrate systems and cause significant damage. It has been used by threat actors like GOLD TAHOE to retrieve the TinyMet Meterpreter stager in Clop ransomware incidents. This harmful program can infect your sy | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Clop Gang Threat Actor is associated with Clop. The Clop Gang, a cyber threat actor known for its malicious activities, has posed significant challenges to cybersecurity in various sectors. The group is notorious for executing actions with harmful intent and has been particularly active in recent years. As part of their operations, they can range | Unspecified | 5 |
| The Vice Society Threat Actor is associated with Clop. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppe | Unspecified | 4 |
| The FIN7 Threat Actor is associated with Clop. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 4 |
| The Sangria Tempest Threat Actor is associated with Clop. Sangria Tempest, also known as Carbon Spider, Elbrus, and FIN7, is a threat actor that has been active since 2013. In mid-November 2023, Microsoft observed Sangria Tempest using Storm-1113's EugenLoader delivered through malicious MSIX package installations. The group frequently targets the restaura | Unspecified | 3 |
| The DarkSide Threat Actor is associated with Clop. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 3 |
| The LockBitSupp Threat Actor is associated with Clop. LockBitSupp, a prominent threat actor, has been identified as Russian national Dmitry Yuryevich Khoroshev. The group's activities have been under scrutiny due to its involvement in ransomware attacks and other cybercrimes. Khoroshev, who was operating under the aliases "LockBit" and "LockBitSupp," i | Unspecified | 2 |
| The Blackmatter Threat Actor is associated with Clop. BlackMatter, a threat actor in the cybersecurity realm, is known for its malicious activities and has been linked to several ransomware strains. The group emerged as a successor to the DarkSide ransomware, which was responsible for the high-profile attack on the Colonial Pipeline in May 2021. Howeve | Unspecified | 2 |
| The Medusa Threat Actor is associated with Clop. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou | Unspecified | 2 |
| The BianLian Threat Actor is associated with Clop. BianLian is a threat actor group known for its malicious activities, primarily involving ransomware attacks. The group has been particularly active in 2024, exploiting bugs in JetBrains TeamCity software to launch its attacks. This method of attack has caused significant disruptions and data breache | Unspecified | 2 |
| The Rhysida Threat Actor is associated with Clop. Rhysida is a globally active threat actor known for its ransomware operations, which have impacted a wide range of sectors, particularly the government and public sector. Their use of CleanUpLoader makes their operations highly effective and difficult to detect, as it not only facilitates persistenc | Unspecified | 2 |
| The RansomedVC Threat Actor is associated with Clop. RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The CVE-2023-0669 Vulnerability is associated with Clop. CVE-2023-0669 is a serious software vulnerability that was identified in Fortra's GoAnywhere Managed File Transfer (MFT) secure file transfer tool. This flaw, which allowed for remote code execution, was exploited by the Clop ransomware group as a zero-day vulnerability. The group launched a major c | Unspecified | 9 |
| The Moveit Transfer Vulnerability Vulnerability is associated with Clop. The MOVEit Transfer vulnerability, officially designated as CVE-2023-34362, is a flaw in software design or implementation that has been exploited by the Cl0p ransomware group. Despite initial concerns, there's no evidence that the Cl0p ransomware was deployed when this vulnerability was recently ex | Unspecified | 6 |
| The vulnerability CVE-2023-27351 is associated with Clop. | Unspecified | 3 |
| The CVE-2023-27350 Vulnerability is associated with Clop. CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first upda | Unspecified | 3 |
| The vulnerability CVE-2021-27104 is associated with Clop. | Unspecified | 2 |
| The vulnerability CVE-2021-27102 is associated with Clop. | Unspecified | 2 |
| The CVE-2023-35036 Vulnerability is associated with Clop. CVE-2023-35036 is a significant vulnerability identified in the MOVEit Transfer software, part of the Progress Software suite. This flaw was first reported on June 16, 2023, following the discovery and exploitation of CVE-2023-34362 by a Clop ransomware affiliate. The CVE-2023-35036 vulnerability pr | Unspecified | 2 |
| The CVE-2023-35708 Vulnerability is associated with Clop. CVE-2023-35708 is a critical software vulnerability, specifically an SQL injection flaw, that affected the MOVEit Transfer application. This issue was identified as a privilege escalation vulnerability, meaning it could potentially allow unauthorized users to gain elevated access rights within the s | Unspecified | 2 |
| The vulnerability CVE-2021-27101 is associated with Clop. | Unspecified | 2 |
| The CVE-2023-47246 Vulnerability is associated with Clop. CVE-2023-47246 is a critical zero-day vulnerability discovered in the SysAid IT support and management software solution. The flaw, identified as a path traversal vulnerability, has been exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. This vulnerability allows | has used | 2 |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| CISA | 8 days ago | ||
| Checkpoint | 2 months ago | ||
| BankInfoSecurity | 2 months ago | ||
| Recorded Future | 2 months ago | ||
| BankInfoSecurity | 2 months ago | ||
| BankInfoSecurity | 2 months ago | ||
| Yori | 2 months ago | ||
| DARKReading | 2 months ago | ||
| Yori | 2 months ago | ||
| BankInfoSecurity | 3 months ago | ||
| BankInfoSecurity | 3 months ago | ||
| InfoSecurity-magazine | 3 months ago | ||
| BankInfoSecurity | 3 months ago | ||
| BankInfoSecurity | 3 months ago | ||
| Securityaffairs | 3 months ago | ||
| InfoSecurity-magazine | 3 months ago | ||
| Securityaffairs | 4 months ago | ||
| CERT-EU | a year ago | ||
| BankInfoSecurity | 8 months ago | ||
| Securityaffairs | 4 months ago |