Dragons Eye Ransomware Tracker

clop

Status: Active
Total Victims: 1,126
Active Sites: 3 / 5
Has Parser: No

Top Target Countries: US, CA, GB, DE, Unknown

Top Target Industries: Technology, Manufacturing, Business Services, Transportation/Logistics, Healthcare

Country Distribution
US: 700
CA: 61
GB: 46
DE: 44
Unknown: 37
IN: 18
JP: 17
FR: 17
Site Locations (5)
Description

The ransomware known as Cl0p is a variant of an earlier strain dubbed CryptoMix. In 2019 it was delivered as the final payload of a phishing campaign that was exclusively financially motivated, with attacks carried out by the TA505 threat actors. At that time, the actors sent phishing emails that led to a macro-enabled document, which dropped a loader called 'Get2'. After gaining an initial foothold in the system or infrastructure, the actors used reconnaissance, lateral movement, and exfiltration techniques to prepare for deployment of the ransomware. Once executed, Cl0p appends the extension '.clop' to the end of files, or other extensions such as '.CIIp', '.Cllp', and '.C_L_O_P'; different versions of the ransom note were also observed after encryption. Depending on the variant, the ransom text files were created with names such as 'ClopReadMe.txt', 'README_README.txt', 'Cl0pReadMe.txt', and 'READ_ME_!!!.TXT'. The Clop operation has since shifted away from delivering its final payload via phishing and now initiates attacks by exploiting vulnerabilities to compromise and infect victims' infrastructure.

Source: https://github.com/crocodyli/ThreatActors-TTPs

Ransom Notes (5)
!_READ_ME.txt .clop .CIop .C_I_0P
Recent Victims (1,126 total)
Victim | Country | Industry | Date
KOEL.CO.IN | IN | Manufacturing | Dec 18, 2025
HCMSPARTNERS.COM | US | Business Services | Nov 21, 2025
DMC-ME.COM | AE | Business Services | Nov 21, 2025
MSG.COM | US | Media and Entertainment | Nov 21, 2025
INTELLINUM.COM | US | Technology |
Site Locations:
ekbgzchl6x2ias37.onion (DLS)
santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion (DLS)
toznnag5o3ambca56s2yacteu7q7x2avrfherzmz4nmujrjuib4iusad.onion (DLS)
frgp3f3u2ddafv4ny7tqn6tc674m6fyymyywoaxot7xskbjmiyhhsyqd.onion (DLS)
htmxyptur5wfjrd7uvg23snupub2pbtlfelk45n37b3augl2w4eearid.onion (DLS)

Clop Ransomware Note
YOUR NETWORK HAS BEEN PENETRATED.

All files on each host in the network have been encrypted with a strong algorithm.

Backups were either encrypted or deleted. Shadow copies also removed.

DO NOT TRY TO RECOVER FILES YOURSELF!

Contact us: [TOR LINK]

AAA_READ_AAA.TXT
Clop - AAA READ AAA
Attention!

We are the ones who hacked you and DOWNLOAD yor data!

We have extensive experience and a strong reputation in this field.
Take what is written below seriously!!!!
We DOWNLOADED - 1,65 Tb


We DOWNLOADED - Your financial documentation, HR Documents, Accounting, your mails,Databases,private correspondence about transactions, employee documents, company documents,Internal manuals, production data,  and much more .




If necessary, we are ready to provide all the evidence.
 
 Contact us within 48 hours in our chat (TOR browser): http://6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion/remote0/[snip]?secret=[snip]

unlock@goto-pay.com
support@in2pay.com
due to blocking of telecom operators
if you write from proton.me please write here unlock@cl-leaks.com 

 
 
 About us:
 OUR BLOG - "link": http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ -> TOR browser.

Details_Cleo.txt
Clop - Details Cleo
Hello, [snip] !!!.

We are CL0P^_ group. If you don't know us, search on google. Your company's data has been compromised through your cleo system. We own it now.
To do this, you need to download the TOR browser https://www.torproject.org/download/
You can read about us here  CL0P^_- LEAKS
http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion

Using a vulnerability in platform systems Cleo Harmony, VLTrader and LexiCom we gained access to your networks and downloaded all the information from your servers.
We do not want to make this public or spread your confidential information, we are only interested in money.
We are not interested in political speak just money and money will bring this to finish.

Unique link to chat generated for your company:
http://htmxyptur5wfjrd7uvg23snupub2pbtlfelk45n37b3augl2w4eearid.onion/remote0/[snip]

Do not forget to use TOR browser

We soon show you the files we have and amount. If you pay, data is deleted, we disappear and you never need worry on this again.
If you don't pay, you data will publish on our blog.
How much to pay? % of you revenues and how much data we take. Speak on chat. Fast reply will receive discount.

I. Payment
- Bitcoin wallet is provided when you validate the ready to pay;

II. Participation of third-parties

II.I Not allowed

III. What Guarantee

- All data deleted with high secure tools and video provided
- All publishing stop and cancel
- Any backdoor disclose
- Never attack you again
- All discussion delete

Do you have our data?
- Yes. Ask for list of data and samples

How much time to speak to you?
- 10 days

I need discount?
- Come with offer. Low ball increase price. Quick answer deserve some discount. Discuss on chat.

What cryptocurrency?
- We take Bitcoin and Monero.

Speed of discuss?
- Do not stay silent and speak quick min one time a day.


Contact us via email or chat URL here:
unlock@he1p-me.com
unlock@cl-leaks.com
support@he1p-center.com

© CL0P^_- LEAKS 2020 - 2024

clop1.txt
Clop - clop1
Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorithm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation
No decryption software is available in the public.
DO NOT RESET OR SHUTDOWN – files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
This may lead to the impossibility of recovery of the certain files.
Photorec, RannohDecryptor etc. repair tools are useless and can destroy your files irreversibly.
If you want to restore your files write to emails (contacts are at the bottom of the sheet) and attach 2-3 encrypted files
(Less than 5 Mb each, non-archived and your files should not contain valuable information
(Databases, backups, large excel sheets, etc.)).
You will receive decrypted samples and our conditions how to get the decoder.

Attention!!!
Your warranty - decrypted samples.
Do not rename encrypted files.
Do not try to decrypt your data using third party software.
We don`t need your files and your information.

But after 2 weeks all your files and keys will be deleted automatically.
Contact emails:
servicedigilogos@protonmail.com
or
managersmaers@tutanota.com

The final price depends on how fast you write to us.

Clop

clop2.txt
Clop - clop2
[snip]
DO NOT ATTEMPT TO RESTORE OR MOVE THE FILES YOURSELF. THIS MAY DESTROY THEM
***Also a lot of sensitive data has been downloaded from your network***
For example:
______________________________
\\10.30.12.98\D$\[snip]
\\10.30.13.2\Y$\SQLbackup
\\10.40.10.162\D$
THIS IS A SMALL PART. WE DOWNLOADED ALL CLIENT'S SQL DATABASES
If you refuse to cooperate, all data will be published
for free download on our portal:
http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ - use TOR browser
CONTACT US BY EMAIL:
unlock@support-box.com
unlock@rsv-box.com
OR WRITE TO THE CHAT AT :->:
http://npkoxkuygikbkpuf5yxte66um727wmdo2jtpg2djhb2e224i4r25v7ad.onion/remote0/[snip]
secret=[snip]
(use TOR browser)
Nov 21, 2025
Victim | Country | Industry | Date
KNEXTECH.COM | US | Technology | Nov 21, 2025
ANYWHERE.RE | RE | Technology | Nov 21, 2025
GOLDSTARPENS.COM | US | Business Services | Nov 21, 2025
NEWLINECLOUD.COM | US | Technology | Nov 21, 2025
NAMA.OM | OM | Financial Services | Nov 21, 2025
NORTHEASTERNCORP.COM | US | Business Services | Nov 21, 2025
AQM.COM.SA | SA | Manufacturing | Nov 21, 2025
MACYS.COM | US | Consumer Services | Nov 21, 2025
HYPERTHERM.COM | US | Manufacturing | Nov 21, 2025
KOREANAIRCND.COM | KR | Transportation/Logistics | Nov 21, 2025
INTEROIL.COM.CO | CO | Energy | Nov 21, 2025
INVENTIVE-IT.COM | GB | Technology | Nov 21, 2025
MAFAS.COM | TT | Business Services | Nov 21, 2025
VIPAPPSCONSULTING.COM | GB | Technology | Nov 21, 2025
ZAIN.COM | KW | Telecommunication | Nov 21, 2025