BushidoUK ToolMatrix GroupProfiles: EvilCorp

Date
18 Jun 2026
Actor
bushidouk
Type
Report
Country
United States
Sector
Defense
Confidence
high
65
Analytical priority
Medium

Based on actor, country, IOCs, TTPs, leak, and context quality.

3 IOCs
0 TTPs
Executive Summary
Resource from the BushidoUK Ransomware Tool Matrix - GroupProfiles.

Key Points

  • Source: GroupProfiles/EvilCorp.md
  • BushidoUK Tool Matrix

GroupProfiles: EvilCorp.md

EvilCorp's Tools

| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
| Advanced IP Scanner | NetSupport | | KeeThief | Cobalt Strike | | PsExec | MEGA |
| Lansweeper | | | Mimikatz | Mythic | | | RClone |
| | | | SecretServerSecretStealer | | | | Azure Blob Storage |

> [!NOTE]
> This is the list of tools that have been observed during various intrusions that lead to EvilCorp's ransomware deployment (previously BitPaymer, WastedLocker, PhoenixLocker, MacawLocker, Hades, LockBit, and RansomHub).

#### Sources

| Date Published | Report |
|---|---|
| 2 June 2022 | https://cloud.google.com/blog/topics/threat-intelligence/unc2165-shifts-to-evade-sanctions |
| 16 January 2025 | https://services.google.com/fh/files/misc/threat_horizons_report_h1_2025.pdf |

References

Diamond Model

Adversary
bushidouk
Victim
BushidoUK ToolMatrix GroupProfiles: EvilCorp
United States
Capability
Report
Infrastructure
cloud.google.com
services.google.com

Indicators of Compromise (IOCs)

| Type | Value | Context | OSINT |
|---|---|---|---|
| File | threat_horizons_report_h1_2025.pdf | Observed artifact | VT, OffSec, SOCRadar |
| Domain | cloud.google.com | Extracted from the content | VT, OffSec, SOCRadar |
| Domain | services.google.com | Extracted from the content | VT, OffSec, SOCRadar |
