BushidoUK RVM Profile: Clop

Date: 18 Jun 2026
Actor: clop
Type: Threat-actor
Country: United Kingdom
Sector: Software
Confidence: high (85)
Analytic priority: High

Based on actor, country, IOCs, TTPs, leak, and context quality.

IOCs: 7
TTPs: 0
Executive Summary
Profile of the ransomware group according to the BushidoUK Ransomware Vulnerability Matrix. Includes known vulnerabilities, tools, and associated TTPs.

Key Points

  • Source: BushidoUK RVM GroupProfiles
  • BushidoUK RVM Repository

Group Profile: Clop

Clop's Exploited Vulnerabilities

> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to Clop ransomware deployment or data exfiltration and leaks published to Clop's Tor site.

Accellion

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Accellion File Transfer Appliance | CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104 | Clop | mandiant.com |

CentreStack

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Gladinet CentreStack | CVE-2025-11371 | Clop | securityaffairs.com |

Cleo

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Cleo VLTrader, Harmony, LexiCom | CVE-2024-55956 | Clop | huntress.com |

Fortra

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| GoAnywhere Managed File Transfer | CVE-2023-0669 | Clop | censys.io |

Oracle

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| E-Business | CVE-2025-61882 | Clop | crowdstrike.com |

Progress Software

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| MOVEit | CVE-2023-34362 | Clop | cisa.gov |

PaperCut

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| PaperCut Application Server | CVE-2023-27350 & CVE-2023-27351 | Clop | twitter.com/MsftSecIntel |

SolarWinds

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SolarWinds Serv-U FTP | CVE-2021-35211 | Clop | research.nccgroup.com |

---

#### Sources

| Date Published | Report |
|---|---|
| 6 October 2025 | https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/ |
| 9 December 2024 | https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild |
| 7 June 2023 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a |
| 26 April 2023 | https://twitter.com/MsftSecIntel/status/1651346653901725696 |
| 16 Feb 2023 | https://censys.io/rce-zero-day-in-goanywhere-mft-cve-2023-0669/ |
| 8 November 2021 | https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/ |
| 22 Feb 2021 | https://www.mandiant.com/resources/blog/accellion-fta-exploited-for-data-theft-and-extortion |

Diamond Model

Adversary: clop
Victim: BushidoUK RVM Profile: Clop, United Kingdom
Capability: Threat-actor
Infrastructure: www.crowdstrike.com, www.huntress.com, www.cisa.gov, twitter.com

Indicators of Compromise (IOCs)

