Rclone

MITRE
Malware type: Tool
First activity: Unknown
Last activity: Unknown
Details:

[Rclone](https://attack.mitre.org/software/S1040) is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. [Rclone](https://attack.mitre.org/software/S1040) has been used in a number of ransomware campaigns, including those associated with the [Conti](https://attack.mitre.org/software/S0575) and DarkSide Ransomware-as-a-Service operations.(Citation: Rclone)(Citation: Rclone Wars)(Citation: Detecting Rclone)(Citation: DarkSide Ransomware Gang)(Citation: DFIR Conti Bazar Nov 2021)

Associated Techniques (6)

| ID | ATT&CK technique | Tactics |
|---|---|---|
| T1030 | Data Transfer Size Limits | - |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | - |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | - |
| T1083 | File and Directory Discovery | - |
| T1560.001 | Archive via Utility | - |
| T1567.002 | Exfiltration to Cloud Storage | - |