RCLONE

Description

Rclone is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. Rclone has been used in a number of ransomware campaigns, including those associated with the Conti and DarkSide Ransomware-as-a-Service operations.

Names

Name
RCLONE
Rclone

Type

Downloader
Exfiltration

Information

https://rclone.org
https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html
https://redcanary.com/blog/rclone-mega-extortion/
https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/
https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
https://unit42.paloaltonetworks.com/darkside-ransomware/

Mitre Attack

https://attack.mitre.org/software/S1040/

Other Information

Uuid

80a8ce0c-d799-4dcd-b2e4-c78c67687b5f

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

RCLONE

RCLONE

Description

Names

Category

Type

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks