{
  "name": "CL0P Ransomware: Latest Attacks",
  "slug": "cl0p-ransomware-latest-attacks",
  "description": "The Cl0p ransomware group has recently targeted 43 organizations across various industries, with a focus on the Manufacturing, Retail, and Transportation sectors. The majority of victims are located in the US, Canada, and Europe. The attackers likely exploited the Cleo vulnerability (CVE-2024-50623) for initial access. Over 1.6 million assets are potentially vulnerable to exploitation of this flaw. The report provides IOCs, MITRE ATT&CK techniques, and YARA rules for detection. Cl0p is associated with the Russian cybercriminal group TA505/Evil Corp, which is known for custom malware development and sophisticated attack techniques. Recommendations include prioritizing patch management, implementing robust email filtering, and strengthening overall security posture.",
  "published": "2025-02-12T15:15:45+00:00",
  "created_at": "2025-02-12T15:15:45+00:00",
  "modified_at": "2025-02-12T19:44:08+00:00",
  "created_at_opencti": "2025-02-12T15:15:45+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-02-12",
    "CVE-2024-50623",
    "cl0p",
    "cleo vulnerability",
    "data exfiltration",
    "evil corp",
    "manufacturing",
    "ransomware",
    "retail",
    "ta505",
    "transportation"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "181.214.147.164"
      },
      {
        "id": "",
        "name": "103.140.62.43"
      },
      {
        "id": "",
        "name": "89.248.172.139"
      },
      {
        "id": "",
        "name": "45.182.189.102"
      },
      {
        "id": "",
        "name": "185.181.230.103"
      },
      {
        "id": "",
        "name": "09d6dab9b70a74f61c41eaa485b37de9a40c86b6d2eae7413db11b4e6a8256ef"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:fa3d8d8c210cfdf3",
        "name": "Cl0p",
        "slug": "cl0p"
      }
    ],
    "intrusion_sets": [
      {
        "id": "7a6bf580-0a40-4a15-b5a0-9652255d9876",
        "name": "Cl0p",
        "slug": "cl0p"
      }
    ],
    "attack_patterns": [
      {
        "id": "52f731f8-22b9-4a53-87eb-35a6738f7a1b",
        "name": "T1036.001"
      },
      {
        "id": "5d2af906-6187-4702-ab9f-590fbe5b1ca3",
        "name": "T1021.002"
      },
      {
        "id": "f7bc1740-747c-458e-aca7-fd05c60f06f3",
        "name": "T1550.002"
      },
      {
        "id": "6b5f1e68-aec7-4ea0-9777-62156da790a7",
        "name": "T1069"
      },
      {
        "id": "02abb0a8-0ebf-433b-987f-e25675af60d6",
        "name": "T1055.001"
      },
      {
        "id": "b15c00da-c412-4429-900c-659de612baf5",
        "name": "T1543.003"
      },
      {
        "id": "da44e22e-1925-42e4-b30d-ac38860d39bb",
        "name": "T1070.001"
      },
      {
        "id": "c16977d5-6367-4c7d-91a8-fd1c57bec164",
        "name": "T1484.001"
      },
      {
        "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f",
        "name": "T1490"
      },
      {
        "id": "7f00bfa7-4116-4294-a80f-724681b7ce85",
        "name": "T1202"
      },
      {
        "id": "a15721d2-76b1-4869-bd1f-819afb6e368d",
        "name": "T1482"
      },
      {
        "id": "f6ceeba2-b50c-47dc-8642-ab9842ca76d7",
        "name": "T1018"
      },
      {
        "id": "232fbdfa-94c6-443d-b575-373e75b4f4c2",
        "name": "T1567"
      },
      {
        "id": "93b2c4dd-5523-4464-8976-78754ee372fd",
        "name": "T1012"
      },
      {
        "id": "cf746a02-00ea-419e-912d-7b03f969c491",
        "name": "T1518.001"
      },
      {
        "id": "eaff4611-3c78-4127-8745-726f77ed68ba",
        "name": "T1070.004"
      },
      {
        "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58",
        "name": "T1562.001"
      },
      {
        "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74",
        "name": "T1005"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "6e4e21cc-92cf-4564-920e-d509bd22fd40",
        "name": "T1574"
      },
      {
        "id": "926a888c-190c-4efb-ab6b-f9d7e6a0fc54",
        "name": "T1547"
      },
      {
        "id": "60972cf6-e90b-4600-af3c-13c468391d9c",
        "name": "T1106"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1",
        "name": "T1057"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "4cb4ee3b-b78f-45cf-bcaa-45a2aa968e56",
        "name": "T1570"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "5b7c66d1-0466-4ba7-af6f-eb82c2f9d05b",
        "name": "T1033"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "64cdebc9-0fb4-48f2-bf4f-b87f3741f664",
        "name": "T1068"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2024-50623"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Canada"
      },
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Retail"
      },
      {
        "id": "",
        "name": "Transportation"
      },
      {
        "id": "",
        "name": "Manufacturing"
      }
    ]
  },
  "external_refs": [
    "https://www.cyfirma.com/research/cl0p-ransomware-latest-attacks/",
    "https://otx.alienvault.com/pulse/67acc93194ffc0edb08e9f06"
  ]
}