Rewterz Threat Alert – Clop Ransomware – Active IOCs

Severity

High

Analysis Summary

Clop ransomware first appeared in 2019 and appends the .clop extension to the files it encrypts. It has become a common threat to organizations and corporations. Notably, Clop targets a victim's entire network rather than just individual PCs.

To obtain initial access, the threat actors rely on a well-established network of affiliates. They then send large volumes of spear-phishing emails to an organization's employees to trigger the infection.

Industrial enterprises were the target of 45% of Clop ransomware attacks, while IT companies were the target of 27% of these attacks.

The lull in the Clop ransomware gang's activity is readily explained by the shutdown of part of its infrastructure in June 2021 during Operation Cyclone, a global law enforcement operation coordinated by INTERPOL.

Ransom Note:

Impact

  • File Encryption

Indicators of Compromise

MD5

  • 8752a7a052ba75239b86b0da1d483dd7
  • 254a38e39d8cefb28ab838064d5f93f9
  • c41a0e1ddeb85b6326a3dc403a5fd0fa

SHA-256

  • 3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207
  • 88af8d2ab468802fcb2a8ab7c4e9d99b01b3b5a07f57584ac387ed8dd8e8d8bc
  • d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9

SHA-1

  • 6eeef883d209d02a05ae9e6a2f37c6cbf69f4d89
  • a2c9968368037484304752f08212db1b4e400dcf
  • 3c8e60ce5ff0cb21be39d1176d1056f9ef9438fa

Remediation

  • Block all threat indicators at your respective controls.
  • Search for indicators of compromise (IOCs) in your environment using your respective security controls.
  • Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
  • Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
  • Emails from unknown senders should always be treated with caution.
  • Never trust or open links and attachments received from unknown sources/senders.
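As an added example (not part of the Rewterz alert), the following Python sweep supports the "search for IOCs" step: it hashes every file under a directory with MD5, SHA-1 and SHA-256, flags any digest that matches the hashes listed above, and also flags files carrying the .clop extension mentioned in the summary. The directory path and the `sweep`/`hash_file` function names are assumptions for illustration.

```python
import hashlib
import os
import sys
from pathlib import Path

# Hashes published in the alert above (MD5, SHA-1 and SHA-256), lower-cased.
CLOP_IOC_HASHES = {
    "8752a7a052ba75239b86b0da1d483dd7",
    "254a38e39d8cefb28ab838064d5f93f9",
    "c41a0e1ddeb85b6326a3dc403a5fd0fa",
    "3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207",
    "88af8d2ab468802fcb2a8ab7c4e9d99b01b3b5a07f57584ac387ed8dd8e8d8bc",
    "d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9",
    "6eeef883d209d02a05ae9e6a2f37c6cbf69f4d89",
    "a2c9968368037484304752f08212db1b4e400dcf",
    "3c8e60ce5ff0cb21be39d1176d1056f9ef9438fa",
}
CLOP_EXTENSION = ".clop"  # extension appended to encrypted files (from the summary)


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests, streaming so large files are safe."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def sweep(root, ioc_hashes=CLOP_IOC_HASHES, extension=CLOP_EXTENSION):
    """Walk `root`; return a list of (path, reason) findings.

    reason is "hash:<algo>" for an IOC digest match, or "extension" for a file
    whose name ends in the ransomware extension (encryption already happened)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() == extension:
                findings.append((str(path), "extension"))
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or locked file: skip it, do not abort the sweep
            for algo, digest in zip(("md5", "sha1", "sha256"), digests):
                if digest in ioc_hashes:
                    findings.append((str(path), f"hash:{algo}"))
                    break  # one hash hit per file is enough
    return findings


if __name__ == "__main__":
    for hit in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit, sep="\t")
```

Run it as `python sweep.py /path/to/scan`; any line of output is a file that needs triage, and an "extension" hit indicates encryption has already occurred on that host.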