Tools: Exfiltration.md
Recurso del BushidoUK Ransomware Tool Matrix - Tools.
Exfiltration Tools
> [!TIP]
> File synchronization and management tools are designed to facilitate the efficient transfer, backup, and synchronization of files across various platforms and cloud storage services.
> [!IMPORTANT]
> These tools can be misused to upload stolen data to attacker-controlled cloud accounts or destination servers. By leveraging encrypted data transfers, attackers can conceal their activities from network monitoring systems, blending malicious actions with legitimate operations. The legitimate nature of these tools often prevents immediate detection by security systems.
| Tool Name | Threat Group Usage |
|---|---|
| Anonfiles | Avaddon, LockBit |
| AZCopy | Interlock, Storm-0501
| Azure Blob Storage | EvilCorp
| BackBlaze | INC Ransom |
| Bashupload | DarkSide |
| Bublup | BlackSuit |
| Catbox[.]moe | *Br0k3r |
| Cyberduck | Scattered Spider
| Dropbox | BlackCat, Scattered Spider
| Dropfiles | Conti |
| Dropmefiles | Mallox |
| EasyUpload.io | Qilin |
| FileZilla | Akira, Karakurt, AvosLocker, LockBit, Nokoyawa, Diavol, Scattered Spider*, PYSA, BlackCat |
| FreeFileSync | LockBit |
| File[.]io | Mallox, Babuk, Lockbit |
| Gofile[.]io | AvosLocker |
| MEGA | Akira, Conti, MountLocker, Phobos, BlackCat, Karakurt, Scattered Spider, LockBit, BianLian, Hive, Trigona, Quantum, INC Ransom, EvilCorp, Avaddon, MONTI, DarkSide, Vice Society, FiveHands, Storm-0501, Ghost/Cring, NightSpire, Beast, DragonForce |
| PrivatLab | Hive, REvil, BlackMatter, mount-locker, BlackMatter |
| ProtonMail | Avaddon |
| PSCP | AvosLocker, MONTI, RansomHub, *Prophet Spider |
| pCloud | DarkSide, FiveHands |
| Qaz[.]im | Conti, BlackBasta |
| Restic | INC Ransom, Lynx, IMN Crew |
| RClone | BlackSuit, Royal, Black Basta, BlackCat, Akira, Karakurt, AvosLocker, LockBit, BianLian, Hive, Daixin, Conti, Dagon Locker, Trigona, Quantum, REvil, 8BASE, INC Ransom, Cactus, EvilCorp, Scattered Spider, FiveHands, DarkSide, RansomHub, Lockean, OnePercent, Vice Society, Cicada3301, Storm-0501, Medusa, Hunters International, Warlock, TheGentlemen |
| s5cmd | INC Ransom |
| Sendspace | Hive, LockBit, Avaddon, Conti, Darkside, Mallox, REvil |
| share[.]riseup[.]net | AvosLocker |
| Temp[.]sh | Akira, LockBit, BlackSuit |
| Tempsend | LockBit |
| Transfert-my-files | LockBit |
| Transfer[.]sh | LockBit |
| UFile | Hive, Ranzy |
| WinSCP | MAZE, Akira, Phobos, PLAY, LockBit, Conti, MONTI, PYSA, RansomHub, Rhysida, Vice Society, Hunters International, NightSpire, Interlock, Beast, TheGentlemen |