Clop ransomware, active since early 2019, has infiltrated a range of corporate and private networks, with estimated extortion profits exceeding $500 million. The group behind it is believed to be based in Russia, and Clop avoids targeting Commonwealth of Independent States (CIS) countries. The variant is considered a successor to CryptoMix ransomware, which emerged in 2016. A notable technical aspect of Clop's operations is the exploitation of vulnerabilities such as CVE-2025-61882, an Oracle E-Business Suite zero-day that came to light in June 2025. This attack method underscores Clop's sophisticated approach to leveraging emerging CVEs for network infiltration. Analysis of Clop's network reveals a trend in IP usage, with Germany, Brazil, Panama, and Hong Kong being prominent sources. Of the 96 identified IPs associated with Clop, 41 subnet IPs have been reused, indicating a systematic approach to infrastructure.
MITRE ATT&CK & Malware Families
Indicators of Compromise (22)