BushidoUK ToolMatrix ThreatIntel: ExtraThreatIntel

Date
18 Jun 2026
Actor
bushidouk
Type
Report
Country
United States
Sector
-
Confidence
high
100
Analytical priority
High

Based on actor, country, IOCs, TTPs, leak and context quality.

28 IOCs
0 TTPs
Actor: bushidouk
Country: United States
Executive Summary
Resource from the BushidoUK Ransomware Tool Matrix - ThreatIntel.

Key Points

  • Source: ThreatIntel/ExtraThreatIntel.md

ThreatIntel: ExtraThreatIntel.md


Extra Threat Intel

> [!IMPORTANT]
> The threat groups mentioned in the other files in this repository are highlighted in the following list of additional reports from a variety of sources. Using this list of publicly available reports as the main source was important because it allows the research to be independently peer reviewed.

| Date Published | Ransomware/Extortionist | Report |
|---|---|---|
| 15 May 2026 | TheGentlemen | https://ransom-isac.com/blog/the-gentlemen-leak-analysis/ |
| 14 May 2026 | TheGentlemen | https://www.kelacyber.com/blog/the-gentlemen-ransomware-internal-chat-leak-analysis-2026/ |
| 13 May 2026 | TheGentlemen | https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/ |
| 1 April 2026 | Yurei | https://www.team-cymru.com/post/yurei-double-extortion-ransomware-campaign-toolkit |
| 18 March 2026 | Beast | https://www.team-cymru.com/post/beast-ransomware-server-toolkit-analysis |
| 16 March 2026 | Warlock | https://www.trendmicro.com/en_us/research/26/c/dissecting-a-warlock-attack.html |
| 12 March 2026 | INC Ransom | https://www.huntress.com/blog/data-exfiltration-threat-actor-infrastructure-exposed |
| 18 December 2025 | Qilin | https://www.sophos.com/en-us/blog/i-am-not-a-robot-clickfix-used-to-deploy-stealc-and-qilin |
| 11 December 2025 | Warlock | https://www.sophos.com/en-us/blog/gold-salem-tradecraft-for-deploying-warlock-ransomware |
| 13 November 2025 | Kraken | https://blog.talosintelligence.com/kraken-ransomware-group/ |
| 11 November 2025 | Ymir | https://securelist.com/new-ymir-ransomware-found-in-colombia/114493/ |
| 29 October 2025 | DragonForce | https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce |
| 9 October 2025 | Warlock | https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/ |
| 26 September 2025 | Akira | https://arcticwolf.com/resources/blog/smash-and-grab-aggressive-akira-campaign-targets-sonicwall-vpns/ |
| 9 September 2025 | TheGentlemen | https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html |
| 27 August 2025 | Storm-0501 (Embargo) | https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/ |
| 2 July 2025 | Scattered Spider | https://www.crowdstrike.com/en-us/blog/crowdstrike-services-observes-scattered-spider-escalate-attacks/ |
| 25 April 2025 | Qilin | https://redpiranha.net/news/qilin-ransomware-all-you-need-know |
| 24 April 2025 | IMN Crew | https://www.s-rminform.com/latest-thinking/ransomware-in-focus-meet-imn-crew |
| 16 April 2025 | CrazyHunter | https://www.trendmicro.com/en_us/research/25/d/crazyhunter-campaign.html |
| 8 April 2025 | RansomEXX | https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/ |
| 1 April 2025 | Qilin | https://news.sophos.com/en-us/2025/04/01/sophos-mdr-tracks-ongoing-campaign-by-qilin-affiliates-targeting-screenconnect/ |
| 26 March 2025 | RansomHub, BianLian, Medusa, Play | https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/ |
| 26 March 2025 | QWCrypt | https://www.bitdefender.com/en-us/blog/businessinsights/redcurl-qwcrypt-ransomware-technical-deep-dive |
| 25 March 2025 | NightSpire | https://www.s-rminform.com/latest-thinking/ransomware-in-focus-meet-nightspire |
| 20 March 2025 | RansomHub | https://www.security.com/threat-intelligence/ransomhub-betruger-backdoor |
| 19 March 2025 | Hunters International | https://www.esentire.com/blog/from-access-to-encryption-dissecting-hunters-internationals-latest-ransomware-attack |
| 10 March 2025 | Qilin | https://www.picussecurity.com/resource/blog/qilin-ransomware |
| 6 March 2025 | Medusa | https://www.security.com/threat-intelligence/medusa-ransomware-attacks |
| 20 February 2025 | NailaoLocker | https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html |
| 18 February 2025 | NailaoLocker | https://www.orangecyberdefense.com/global/blog/cert-news/meet-nailaolocker-a-ransomware-distributed-in-europe-by-shadowpad-and-plugx-backdoors |
| 13 February 2025 | RA World | https://www.security.com/threat-intelligence/chinese-espionage-ransomware |
| 10 February 2025 | Various Groups | https://connect.cybercx.com.au/dfir-threat-report-au-2025 |
| 16 January 2025 | EvilCorp*, RansomHub | https://services.google.com/fh/files/misc/threat_horizons_report_h1_2025.pdf |
| 2 December 2024 | RobbinHood | https://www.crowdstrike.com/en-us/blog/falcon-prevents-vulnerable-driver-attacks-real-world-intrusion/ |
| 7 November 2024 | Interlock | https://blog.talosintelligence.com/emerging-interlock-ransomware/ |
| 7 November 2024 | Helldown | https://www.truesec.com/hub/blog/helldown-ransomware-group |
| 23 October 2024 | Embargo | https://www.welivesecurity.com/en/eset-research/embargo-ransomware-rocknrust/ |
| 3 October 2024 | Medusa Locker | https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022 |
| 26 September 2024 | Storm-0501 (Sabbath/54bb47h, Hive, BlackCat, Hunters International, LockBit, Embargo) | https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/ |
| 10 September 2024 | CosmicBeetle (Scarab, ScRansom, NONAME, RansomHub) | https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub/ |
| 10 September 2024 | Cicada3301 | https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware/ |
| 24 September 2024 | DragonForce | https://www.group-ib.com/blog/dragonforce-ransomware/ |
| 3 September 2024 | Cicada3301 | https://blog.morphisec.com/cicada3301-ransomware-threat-analysis |
| 28 August 2024 | BlackByte | https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-at

References

Diamond Model

Adversary: bushidouk
Victim: BushidoUK ToolMatrix ThreatIntel: ExtraThreatIntel (United States)
Capability: Report
Infrastructure: ransom-isac.com, www.kelacyber.com, research.checkpoint.com, www.team-cymru.com


Indicators of Compromise (IOCs)

| Type | Value | Context |
|---|---|---|
| File | threat_horizons_report_h1_2025.pdf | Observed artifact |
| Domain | ransom-isac.com | Extracted from content |
| Domain | www.kelacyber.com | Extracted from content |
| Domain | research.checkpoint.com | Extracted from content |
| Domain | www.team-cymru.com | Extracted from content |
| Domain | www.trendmicro.com | Extracted from content |
| Domain | www.huntress.com | Extracted from content |
| Domain | www.sophos.com | Extracted from content |
| Domain | blog.talosintelligence.com | Extracted from content |
| Domain | securelist.com | Extracted from content |
| Domain | arcticwolf.com | Extracted from content |
| Domain | www.microsoft.com | Extracted from content |
| Domain | www.crowdstrike.com | Extracted from content |
| Domain | redpiranha.net | Extracted from content |
| Domain | www.s-rminform.com | Extracted from content |
| Domain | news.sophos.com | Extracted from content |
| Domain | www.welivesecurity.com | Extracted from content |
| Domain | www.bitdefender.com | Extracted from content |
| Domain | www.security.com | Extracted from content |
| Domain | www.esentire.com | Extracted from content |
| Domain | www.picussecurity.com | Extracted from content |
| Domain | www.orangecyberdefense.com | Extracted from content |
| Domain | connect.cybercx.com.au | Extracted from content |
| Domain | services.google.com | Extracted from content |
| Domain | www.truesec.com | Extracted from content |
| Domain | unit42.paloaltonetworks.com | Extracted from content |
| Domain | www.group-ib.com | Extracted from content |
| Domain | blog.morphisec.com | Extracted from content |
