BushidoUK ToolMatrix GroupProfiles: BlackSuit

Date
18 Jun 2026
Actor
bushidouk
Type
Report
Country
United States
Sector
Defense
Confidence
high
60
Analytic priority
Medium

Based on actor, country, IOCs, TTPs, leak and context quality.

2 IOCs
0 TTPs
Executive Summary
Resource from the BushidoUK Ransomware Tool Matrix - GroupProfiles.

Key Points

  • Source: GroupProfiles/BlackSuit.md
  • BushidoUK Tool Matrix

GroupProfiles: BlackSuit.md

BlackSuit's Tools

| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
| AdFind | AnyDesk | Eraser | AccountRestore | Cobalt Strike | Chisel | PsExec | RClone |
| Advanced IP Scanner | Atera | GMER | Mimikatz | Brute Ratel C4 | Cloudflared | | |
| SharpShares | LogMeIn | | NirSoft Dialupass | | OpenSSH | | |
| SoftPerfect NetScan | MobaXterm | | NirSoft IEPassView (iepv) | | | | |
| | | | NirSoft MailPassView | | | | |
| | | | NirSoft Netpass | | | | |
| | | | NirSoft RouterPassView | | | | |

> [!NOTE]
> This is the list of tools that have been observed during various intrusions that lead to BlackSuit (previously Royal) ransomware deployment.

#### Sources

| Date Published | Report |
|---|---|
| 10 February 2025 | https://connect.cybercx.com.au/dfir-threat-report-au-2025 |
| 7 August 2024 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a |

References

Diamond Model

Adversary
bushidouk
Victim
BushidoUK ToolMatrix GroupProfiles: BlackSuit
United States
Capability
Report
Infrastructure
connect.cybercx.com.au
www.cisa.gov

Indicators of Compromise (IOCs)

| Type | Value | Context | OSINT |
|---|---|---|---|
| Domain | connect.cybercx.com.au | Extracted from content | VT, OffSec, SOCRadar |
| Domain | www.cisa.gov | Extracted from content | VT, OffSec, SOCRadar |
