
S1040 Rclone


Description

[Rclone](https://attack.mitre.org/software/S1040) is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. [Rclone](https://attack.mitre.org/software/S1040) has been used in a number of ransomware campaigns, including those associated with the [Conti](https://attack.mitre.org/software/S0575) and DarkSide Ransomware-as-a-Service operations.(Citation: Rclone)(Citation: Rclone Wars)(Citation: Detecting Rclone)(Citation: DarkSide Ransomware Gang)(Citation: DFIR Conti Bazar Nov 2021)

Platforms · 3

Linux, Windows, macOS

References

  1. https://attack.mitre.org/software/S1040
  2. https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/
  3. https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
  4. https://redcanary.com/blog/rclone-mega-extortion/
  5. https://rclone.org
  6. https://unit42.paloaltonetworks.com/darkside-ransomware/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Bumblebee (Software)
  2. BlackCat (Software)
  3. SZ40 (Software)
  4. Windows10 (Software)
  5. Conti (Software)
  6. R980 (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.