Clop
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[Clop](https://attack.mitre.org/software/S0611) is a ransomware family that was first observed in February 2019 and has been used against retail, transportation and logistics, education, manufacturing, engineering, automotive, energy, financial, aerospace, telecommunications, professional and legal services, healthcare, and high tech industries. [Clop](https://attack.mitre.org/software/S0611) is a variant of the CryptoMix ransomware.(Citation: Mcafee Clop Aug 2019)(Citation: Cybereason Clop Dec 2020)(Citation: Unit42 Clop April 2021)
Associated Techniques (17)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027.002 | Software Packing | - |
| T1057 | Process Discovery | - |
| T1059.003 | Windows Command Shell | - |
| T1083 | File and Directory Discovery | - |
| T1106 | Native API | - |
| T1112 | Modify Registry | - |
| T1135 | Network Share Discovery | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1218.007 | Msiexec | - |
| T1486 | Data Encrypted for Impact | - |
| T1489 | Service Stop | - |
| T1490 | Inhibit System Recovery | - |
| T1497.003 | Time Based Checks | - |
| T1518.001 | Security Software Discovery | - |
| T1553.002 | Code Signing | - |
Used by Actors (1)
Metadata
| ID: | 559 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |