{ "name": "CLOP RANSOMWARE: DISSECTING NETWORK - THE RAVEN FILE", "slug": "clop-ransomware-dissecting-network-the-raven-file", "description": "The report analyzes the network infrastructure used by the Clop ransomware group, focusing on their exploitation of CVE-2025-61882 in Oracle EBS. It identifies 96 IP addresses associated with a specific fingerprint, with Germany, Brazil, and Panama being prominent locations. The analysis reveals significant overlap with IP subnets used in previous Clop attacks, including the MOVit and FORTRA Go-Anywhere exploits. The report highlights the group's tendency to reuse infrastructure and their shift away from Russian IPs. It also provides high-confidence fingerprints and subnet patterns associated with Clop operations, offering insights into their attack methodology and infrastructure preferences.", "published": "2025-11-05T08:38:31+00:00", "created_at": "2025-11-05T08:38:31+00:00", "modified_at": "2025-11-05T09:58:36+00:00", "created_at_opencti": "2025-11-05T08:38:31+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2025-11-05", "CVE-2023-0669", "CVE-2023-34362", "CVE-2025-61882", "cryptomix", "cyclops blink", "fingerprints", "infrastructure", "ip addresses", "network analysis", "oracle ebs", "ransomware" ], "related_entities": { "observables": [ { "id": "", "name": "96.44.181.131" }, { "id": "", "name": "92.118.36.249" }, { "id": "", "name": "92.118.36.204" }, { "id": "", "name": "91.238.181.236" }, { "id": "", "name": "91.238.181.229" }, { "id": "", "name": "91.222.174.68" }, { "id": "", "name": "88.214.27.72" }, { "id": "", "name": "88.214.27.43" }, { "id": "", "name": "88.214.27.179" }, { "id": "", "name": "88.214.27.177" }, { "id": "", "name": "88.214.27.175" }, { "id": "", "name": "88.214.27.172" }, { "id": "", "name": "88.214.26.38" }, { "id": "", "name": "88.214.26.37" }, { "id": "", "name": "88.214.26.25" }, { "id": "", "name": "88.214.25.243" }, { "id": "", "name": "88.214.25.242" }, { "id": "", "name": "88.214.25.228" }, { "id": "", "name": "88.214.25.221" }, { "id": "", "name": "88.214.25.214" }, { "id": "", "name": "88.214.25.213" }, { "id": "", "name": "88.214.25.211" }, { "id": "", "name": "82.117.252.142" }, { "id": "", "name": "82.117.252.141" }, { "id": "", "name": "81.56.49.148" }, { "id": "", "name": "81.19.138.52" }, { "id": "", "name": "81.19.136.231" }, { "id": "", "name": "78.128.112.222" }, { "id": "", "name": "79.141.160.78" }, { "id": "", "name": "78.128.112.138" }, { "id": "", "name": "78.128.112.137" }, { "id": "", "name": "76.117.196.3" }, { "id": "", "name": "68.183.120.53" }, { "id": "", "name": "54.39.133.41" }, { "id": "", "name": "5.42.246.34" }, { "id": "", "name": "5.34.180.48" }, { "id": "", "name": "5.34.178.31" }, { "id": "", "name": "5.34.178.30" }, { "id": "", "name": "5.34.178.28" }, { "id": "", "name": "5.188.87.46" }, { "id": "", "name": "5.188.87.38" }, { "id": "", "name": "5.188.86.231" }, { "id": "", "name": "5.188.86.217" }, { "id": "", "name": "5.188.86.213" }, { "id": "", "name": "5.188.86.206" }, { "id": "", "name": "5.188.86.205" }, { "id": "", "name": "5.188.86.189" }, { "id": "", "name": "5.188.86.185" }, { "id": "", "name": "5.188.86.184" }, { "id": "", "name": "5.188.86.163" }, { "id": "", "name": "5.188.206.214" }, { "id": "", "name": "5.178.1.19" }, { "id": "", "name": "5.178.1.17" }, { "id": "", "name": "5.178.1.16" }, { "id": "", "name": "5.178.1.13" }, { "id": "", "name": "5.178.1.12" }, { "id": "", "name": "46.161.27.158" }, { "id": "", "name": "46.161.27.155" }, { "id": "", "name": "46.161.27.113" }, { "id": "", "name": "45.227.255.31" }, { "id": "", "name": "45.227.255.29" }, { "id": "", "name": "45.227.255.214" }, { "id": "", "name": "45.227.253.29" }, { "id": "", "name": "45.227.252.226" }, { "id": "", "name": "45.227.252.199" }, { "id": "", "name": "45.182.189.72" }, { "id": "", "name": "45.182.189.224" }, { "id": "", "name": "45.182.189.194" }, { "id": "", "name": "45.182.189.183" }, { "id": "", "name": "45.182.189.181" }, { "id": "", "name": "45.182.189.107" }, { "id": "", "name": "45.182.189.109" }, { "id": "", "name": "45.156.248.206" }, { "id": "", "name": "45.145.20.212" }, { "id": "", "name": "37.156.246.168" }, { "id": "", "name": "37.156.246.165" }, { "id": "", "name": "37.156.246.166" }, { "id": "", "name": "31.41.33.242" }, { "id": "", "name": "31.41.33.241" }, { "id": "", "name": "31.41.33.240" }, { "id": "", "name": "216.144.248.20" }, { "id": "", "name": "213.121.182.84" }, { "id": "", "name": "209.222.98.25" }, { "id": "", "name": "208.115.199.25" }, { "id": "", "name": "200.107.207.15" }, { "id": "", "name": "200.107.207.31" }, { "id": "", "name": "200.107.207.102" }, { "id": "", "name": "198.137.247.10" }, { "id": "", "name": "194.34.239.44" }, { "id": "", "name": "194.34.239.36" }, { "id": "", "name": "194.34.239.33" }, { "id": "", "name": "194.165.16.93" }, { "id": "", "name": "194.165.16.92" }, { "id": "", "name": "194.165.16.54" }, { "id": "", "name": "194.165.16.113" }, { "id": "", "name": "193.29.13.240" }, { "id": "", "name": "193.29.13.153" }, { "id": "", "name": "193.29.13.150" }, { "id": "", "name": "193.24.211.249" }, { "id": "", "name": "193.24.211.244" }, { "id": "", "name": "193.24.211.242" }, { "id": "", "name": "193.24.211.240" }, { "id": "", "name": "193.142.30.99" }, { "id": "", "name": "193.142.30.66" }, { "id": "", "name": "193.142.30.39" }, { "id": "", "name": "193.142.30.37" }, { "id": "", "name": "193.142.30.242" }, { "id": "", "name": "193.142.30.205" }, { "id": "", "name": "193.142.30.194" }, { "id": "", "name": "193.142.30.165" }, { "id": "", "name": "193.142.30.144" }, { "id": "", "name": "193.142.30.137" }, { "id": "", "name": "193.142.30.134" }, { "id": "", "name": "193.142.30.100" }, { "id": "", "name": "185.99.3.99" }, { "id": "", "name": "185.81.113.156" }, { "id": "", "name": "185.80.52.230" }, { "id": "", "name": "185.55.242.97" }, { "id": "", "name": "185.33.87.126" }, { "id": "", "name": "185.33.86.225" }, { "id": "", "name": "185.232.67.15" }, { "id": "", "name": "185.232.67.101" }, { "id": "", "name": "185.117.88.2" }, { "id": "", "name": "185.104.194.134" }, { "id": "", "name": "179.60.150.151" }, { "id": "", "name": "179.60.150.132" }, { "id": "", "name": "179.60.150.121" }, { "id": "", "name": "179.60.149.249" }, { "id": "", "name": "179.60.149.244" }, { "id": "", "name": "179.60.149.223" }, { "id": "", "name": "179.60.145.216" }, { "id": "", "name": "173.254.236.131" }, { "id": "", "name": "166.70.47.90" }, { "id": "", "name": "161.97.99.49" }, { "id": "", "name": "15.235.83.73" }, { "id": "", "name": "148.113.159.213" }, { "id": "", "name": "147.78.46.97" }, { "id": "", "name": "147.78.46.81" }, { "id": "", "name": "147.78.46.69" }, { "id": "", "name": "147.78.46.26" }, { "id": "", "name": "147.78.46.164" }, { "id": "", "name": "147.78.46.163" }, { "id": "", "name": "147.78.46.134" }, { "id": "", "name": "147.78.46.117" }, { "id": "", "name": "147.78.46.115" }, { "id": "", "name": "147.78.46.112" }, { "id": "", "name": "147.45.112.253" }, { "id": "", "name": "147.45.112.231" }, { "id": "", "name": "147.45.112.220" }, { "id": "", "name": "147.45.112.205" }, { "id": "", "name": "147.45.112.203" }, { "id": "", "name": "142.44.212.178" }, { "id": "", "name": "141.98.82.242" }, { "id": "", "name": "141.98.82.198" }, { "id": "", "name": "104.200.72.149" }, { "id": "", "name": "103.214.147.187" }, { "id": "", "name": "103.214.147.182" }, { "id": "", "name": "103.214.147.181" }, { "id": "", "name": "103.214.147.178" }, { "id": "", "name": "103.214.147.177" }, { "id": "", "name": "103.214.147.176" }, { "id": "", "name": "162.55.17.215" }, { "id": "", "name": "104.194.11.200" }, { "id": "", "name": "200.107.207.26" }, { "id": "", "name": "185.181.60.11" }, { "id": "", "name": "147.45.112.219" }, { "id": "", "name": "45.227.255.74" }, { "id": "", "name": "45.227.255.28" }, { "id": "", "name": "91.199.163.65" }, { "id": "", "name": "91.199.163.59" }, { "id": "", "name": "5.188.87.37" }, { "id": "", "name": "5.188.86.66" }, { "id": "", "name": "5.188.86.70" }, { "id": "", "name": "5.188.86.71" }, { "id": "", "name": "5.188.86.72" }, { "id": "", "name": "5.188.86.162" }, { "id": "", "name": "5.188.87.35" }, { "id": "", "name": "5.188.87.40" }, { "id": "", "name": "5.188.87.49" }, { "id": "", "name": "147.78.47.178" }, { "id": "", "name": "147.78.47.243" }, { "id": "", "name": "147.78.47.236" }, { "id": "", "name": "5.188.87.39" }, { "id": "", "name": "http://200.107.207.15/37:" }, { "id": "", "name": "pubstorm.net" }, { "id": "", "name": "pubstorm.com" }, { "id": "", "name": "in2pay.com" }, { "id": "", "name": "he1p-me.com" }, { "id": "", "name": "he1p-center.com" }, { "id": "", "name": "goto-pay.com" }, { "id": "", "name": "cl-leaks.com" }, { "id": "", "name": "f95812cbb46f0a664a8f2200592369b105d17dfe8255054963aac4e2df53df51" }, { "id": "", "name": "bd613b3be57f18c3bceb0aaf86a28ad8b6df7f9bccacf58044f1068d1787f8a5" }, { "id": "", "name": "b1eff60fe6c57a5a4d1136b7d2c711d058aae6d0242ba4aa1a00c3027cbdca09" }, { "id": "", "name": "aa6d071d787ea8e8d054f7a699301f732cf73552d1df09a0155a5307b43df293" }, { "id": "", "name": "8c614d8111aca771e32ed304b9253992c5c7c8faa5b62c9141aaca595f061df3" }, { "id": "", "name": "7b04ac63dc41d61d409b936d2fdce47c255461f0d1d5ae86a9ddecd39e964548" }, { "id": "", "name": "6877d8531901040aedfc7dc3d9af121bf1800c66c8960a60cc3fd4c361135869" }, { "id": "", "name": "5cce1b8f04cb3766b2d70738ad35c5d8b0ef1e802f193baccc5058478e9859a3" }, { "id": "", "name": "678266acbbb36795e41a210f15e25af212a2e65f34c282cb52c023ba55e164d5" } ], "malware": [ { "id": "legacy:malware:05d67dd1ce18be7e", "name": "CryptoMix", "slug": "cryptomix" }, { "id": "legacy:malware:fe441e5ad2187dfd", "name": "Cyclops Blink - S0687", "slug": "cyclops-blink-s0687" } ], "intrusion_sets": [ { "id": "c05ceb60-2deb-490b-afae-2eba06032bcd", "name": "Clop", "slug": "clop" } ], "attack_patterns": [ { "id": "4bbdf41c-817c-448a-9513-aaea6bfbe8b4", "name": "T1568" }, { "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f", "name": "T1490" }, { "id": "a2ba5594-6293-4868-928c-ab4b31927a02", "name": "T1572" }, { "id": "7911f1c3-e86b-4e33-afea-9a054b0295dc", "name": "T1222" }, { "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74", "name": "T1005" }, { "id": "a72ebeae-8e62-4039-8135-e9c611011fdc", "name": "T1573" }, { "id": "d9f271ed-7685-4362-b90d-f16a14102f39", "name": "T1489" }, { "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1", "name": "T1486" }, { "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7", "name": "T1016" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" }, { "id": "45082a8e-9c79-470e-ad1b-decac7188e8f", "name": "T1083" }, { "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e", "name": "T1071" }, { "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d", "name": "T1102" }, { "id": "50514c04-b3a2-4abf-a855-e3a434200c87", "name": "T1204" }, { "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62", "name": "T1190" }, { "id": "b9eab970-53dd-4977-9a26-c4fe566e422d", "name": "T1133" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ], "others": [ { "id": "", "name": "Panama" }, { "id": "", "name": "Netherlands" }, { "id": "", "name": "Canada" }, { "id": "", "name": "Germany" }, { "id": "", "name": "Brazil" }, { "id": "", "name": "United States of America" }, { "id": "", "name": "Russian Federation" }, { "id": "", "name": "Technology" }, { "id": "", "name": "Finance" }, { "id": "", "name": "Government" } ] }, "external_refs": [ "https://theravenfile.com/2025/11/04/clop-ransomware-dissecting-network/", "https://otx.alienvault.com/pulse/690b1b175f4f05eaf8f6c0e0" ] }