Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 21:18:32 UTC
Home > List all groups > List all tools > List all groups using tool RCLONE
 Tool: RCLONE
Names
RCLONE
Rclone
Category Tools
Type Downloader, Exfiltration
Description
Rclone is a command line program for syncing files with cloud storage services such as
Dropbox, Google Drive, Amazon S3, and MEGA. Rclone has been used in a number of
ransomware campaigns, including those associated with the Conti and DarkSide
Ransomware-as-a-Service operations.
Information
MITRE ATT&CK Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool RCLONE
Changed Name Country Observed
APT groups
 UNC2447 [Unknown] 2020
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=80a8ce0c-d799-4dcd-b2e4-c78c67687b5f
Page 1 of 2

1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=80a8ce0c-d799-4dcd-b2e4-c78c67687b5f
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=80a8ce0c-d799-4dcd-b2e4-c78c67687b5f
Page 2 of 2