GroupProfiles: ScatteredSpider.md
Resource from the BushidoUK Ransomware Tool Matrix - GroupProfiles.
# Scattered Spider's Tools

| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
| ADExplorer | ASG Remote Desktop | Bedevil | aws_consoler | CIMplant | Cloudflared | PsExec | Cyberduck |
| ADRecon | BeAnywhere | | GitGuardian | Impacket | OpenSSH | | Dropbox |
| AWS Systems Manager Inventory | Chrome Remote Desktop | | Jecretz | LAPS Toolkit | Ngrok | | FileZilla |
| ManageEngine LANDESK | Domotz | | MAGNET RAM Capture | LINpeas | NSOCKS | | MEGA |
| PDQ Inventory | DWAgent | | Mimikatz | MicroBurst | Plink | | RClone |
| PingCastle | Fleetdeck | | MIT Kerberos Ticket Manager | Pacu | Proxifier | | S3 Browser |
| RustScan | ITarian | | ProcDump | | Rsocx | | |
| RVTools | Level[.]io | | Snaffler | | Socat | | |
| SharpHound | ManageEngineRMM | | Trufflehog | | Sshimpanzee | | |
| VMware PowerCLI | MobaXterm | | Volatility | | Tailscale | | |
| Get-ADUser | Parsec | | | | TrueSocks | | |
| | Pulseway | | | | Wstunnel | | |
| | RemotePC | | | | Pinggy | | |
| | RPort | | | | Teleport | | |
| | RSAT | | | | Chisel | | |
| | RustDesk | | | | TryCloudflare | | |
| | ScreenConnect | | | | Twingate | | |
| | Sorillus | | | | | | |
| | Splashtop | | | | | | |
| | TacticalRMM | | | | | | |
| | TeamViewer | | | | | | |
| | TightVNC | | | | | | |
| | TrendMicro Basecamp | | | | | | |
| | Xeox | | | | | | |
| | ZeroTier | | | | | | |
| | ZohoAssist | | | | | | |
> [!NOTE]
> This is the list of tools that have been observed during various intrusions that led to Scattered Spider's ransomware deployment (previously BlackCat, RansomHub, or Qilin).
#### Sources
| Date Published | Report |
|---|---|
| 2 July 2025 | https://www.crowdstrike.com/en-us/blog/crowdstrike-services-observes-scattered-spider-escalate-attacks/ |
| 8 March 2024 | https://unit42.paloaltonetworks.com/muddled-libra |
| 22 February 2024 | https://blog.sekoia.io/scattered-spider-laying-new-eggs |
| 16 November 2023 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a |
| 20 September 2023 | https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud |
| 14 September 2023 | https://cloud.google.com/blog/topics/threat-intelligence/unc3944-sms-phishing-sim-swapping-ransomware |
| 2 December 2022 | https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies |
| 23 April 2024 | https://redcanary.com/threat-detection-report/trends/rmm-tools/ |