Skip to content

Hide Navigation Hide TOC

Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4)

Rclone is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. Rclone has been used in a number of ransomware campaigns, including those associated with the Conti and DarkSide Ransomware-as-a-Service operations.[Rclone][Rclone Wars][Detecting Rclone][DarkSide Ransomware Gang][DFIR Conti Bazar Nov 2021]

Cluster A Galaxy A Cluster B Galaxy B Level
Akira (923f478c-7ad1-516f-986d-61f96b9c553e) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
Black Basta Affiliates (7f52cadb-7a12-4b9d-9290-1ef02123fbe4) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
Akira Ransomware Actors (Deprecated) (0fcb2205-e75b-46c9-ac54-00f218d5e331) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
Luna Moth (cca12ba9-f65f-4a29-87ab-a9fc0f99521f) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software BlackCat Ransomware Actors & Affiliates (33159d02-a1ce-49ec-a381-60b069db66f7) Tidal Groups 1
Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5) Tidal Groups 1
Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software Hive Ransomware Actors (05cd82bb-f8fc-40f3-83ba-1586ef953d05) Tidal Groups 1
Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software Cinnamon Tempest (8e059c6b-d278-5454-a234-a8ad69feb66c) Tidal Groups 1
Daixin Team (07bdadce-905e-4337-898a-13e88cfb5a61) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
Ember Bear (407274be-1820-4a84-939e-629313f4de1d) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337) Tidal Groups 1
Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software INC Ransom (8957f42d-a069-542b-bce6-3059a2fa0f2e) Tidal Groups 1
Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software Storm-0501 (de72d564-6487-4cf3-be3e-0a961cf15d5d) Tidal Groups 1
Storm-0844 (fcbf6963-839b-4853-8b80-73ff6831b7d7) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
LockBit Ransomware Actors & Affiliates (d0f3353c-fbdd-4bd5-8793-a42e1f319b59) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
CACTUS Ransomware Actors (fac6fbf1-935f-4106-ad8b-c8fd8389dd38) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1
BianLian Ransomware Group (a2add2a0-2b54-4623-a380-a9ad91f1f2dd) Tidal Groups Rclone (1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) Tidal Software 1