Sunday, December 4

Brute Ratel C4: A Hacking Tool on the Loose | Digital Trends Spanish

A dangerous post-exploitation toolkit, originally built for legitimate security testing, has now been cracked and leaked to hacking communities.

The toolkit is being shared on many different websites, and the repercussions could be serious now that it can fall into the hands of a wide range of threat actors.


This could be bad. The post-exploitation toolkit in question, called Brute Ratel C4, was created by Chetan Nayak. Nayak is a former red teamer, meaning his job included trying to breach a given network while it was actively defended by the blue team. Afterwards, both teams review how the exercise went and which security weaknesses need fixing.

Brute Ratel was created for that exact purpose. It was made for red teamers, with the goal of remotely executing commands on compromised hosts and making it easier for the operator to move into the rest of the network.

Cobalt Strike is a comparable tool, and because it has been so heavily abused by ransomware gangs, security products are well tuned to detect it. Brute Ratel had not spread that widely until now, and its license verification system mostly kept criminals at bay: Nayak can revoke the license of any company found to be fake or to be misusing the tool.

Unfortunately, that is now a thing of the past, because a cracked version of the tool has started circulating. It was first uploaded to VirusTotal in its uncracked state, but a Russian group called Molecules was able to crack it and remove the license requirement entirely. This means that anyone can now get their hands on it if they know where to look.

Will Thomas, a cyber threat intelligence researcher, published a report about the cracked version of the tool. It has already spread to many English- and Russian-speaking communities, including CryptBB, RAMP, BreachForums, Exploit[.]in, xss[.]is, and various Telegram and Discord groups.


“There are now multiple posts on multiple of the most populous cybercrime forums where data brokers, malware developers, initial access brokers, and ransomware affiliates hang out,” Thomas said in the report. In a conversation with BleepingComputer, Thomas said the tool works and no longer requires a license key.

Thomas explained the potential dangers of the tool, saying: “One of the most worrying aspects of the BRC4 tool for many security experts is its ability to generate shellcode that is not detected by many EDR and AV products. This extended window of detection evasion can give threat actors enough time to establish initial access, begin lateral movement, and achieve persistence elsewhere.”

Knowing that this powerful tool is out there, in the hands of attackers who should never have had access to it, is alarming. Hopefully security vendors can strengthen their defenses against Brute Ratel soon.
