Microsoft Windows Operating System - comprehensive desktop and server platform
1 Data Sources
1 Templates
Updated 3 days ago
System
1 Templates
🦠 CLOP Ransomware Service Installation
Known CLOP Persistence Mechanism - Event ID 7045
Simulates CLOP ransomware service installation events. CLOP is a sophisticated ransomware family that uses specific service names ('SecurityCenterIBM', 'WinCheckDRVs') for persistence and privilege escalation. This template generates events matching known CLOP TTPs for detection rule testing and SOC training.
Frequency: low
XML
Tags: clop, ransomware, persistence, t1543, malware, threat-simulation
Compliance:
MITRE ATT&CK T1543.003 (Create or Modify System Process: Windows Service)
NIST Cybersecurity Framework - Detect (DE.CM)
SANS TOP 20 Critical Security Controls
PCI DSS Requirement 10 (Logging and Monitoring)
Security: Critical
When Generated:
- During CLOP ransomware deployment phase
- For persistence establishment on compromised Windows systems
- In red team exercises simulating CLOP campaign tactics
- For detection rule validation and SOC analyst training
Frequency Notes: Very low frequency in legitimate environments - any occurrence should trigger immediate investigation