BushidoUK ToolMatrix CommunityReports: CR-016-PLAY-APR-2025

Date
18 Jun 2026
Actor
bushidouk
Type
Report
Country
United Kingdom
Sector
Retail
Confidence
high
75
Analytic priority
Medium

Based on actor, country, IOCs, TTPs, leak and context quality.

5 IOCs
0 TTPs
Executive Summary
Resource from the BushidoUK Ransomware Tool Matrix - CommunityReports.

Key Points

  • Source: CommunityReports/CR-016-PLAY-APR-2025.md
  • BushidoUK Tool Matrix

CommunityReports: CR-016-PLAY-APR-2025.md

Community Report 016 - PLAY April 2025

Contributor Details

- Real Name: N/A

- Online Handle / Links to profiles: https://x.com/SecurityAura

- Employer: Private, DFIR role

- Affiliations: Curated Intelligence

---

Adversary

- Named adversary: PLAY

---

Incident Details

- Time of Incident: April 2025

- Victim Sector: Retail

- Victim Country: Canada

- Victim Size: 50-200

---

Observed Tools

| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
| | | icardagt.exe | Mimikatz | | Fast Reverse Proxy Client (FRPC) | | |
| | | PCHunter | Nanodump | | | | |
| | | EDRKill (echo_driver.sys + DBUtil 2.3) | HandleKatz | | | | |

---

Any Related Sources

- icardagt.exe DLL sideloading of version.dll - https://hijacklibs.net/entries/microsoft/built-in/version.html

| Date Published | Report |
|---|---|
| 2025/08/05 | https://www.guidepointsecurity.com/blog/gritrep-akira-sonicwall/ |

References

Diamond Model

Adversary
bushidouk
Victim
BushidoUK ToolMatrix CommunityReports: CR-016-PLAY-APR-2025
United Kingdom
Capability
Report
Infrastructure
hijacklibs.net
www.guidepointsecurity.com

Indicators of Compromise (IOCs)

| Type | Value | Context | OSINT |
|---|---|---|---|
| File | icardagt.exe | Observed artifact | VT, OffSec, SOCRadar |
| File | echo_driver.sys | Observed artifact | VT, OffSec, SOCRadar |
| File | version.dll | Observed artifact | VT, OffSec, SOCRadar |
| Domain | hijacklibs.net | Extracted from the content | VT, OffSec, SOCRadar |
| Domain | www.guidepointsecurity.com | Extracted from the content | VT, OffSec, SOCRadar |
