Brute Ratel, a commercial Red Team Operations framework developed by Chetan Nayak, an expert red teamer, has been used by attackers in both cybercrime and APT operations. This Red Team framework is designed to be highly evasive and undetectable by security products, as demonstrated by the many shellcodes intercepted through hunting activities that had a zero detection rate on the VirusTotal platform.
On 13 September, an archive containing a leaked version of Brute Ratel 1.2.2, named “BruteRatel_1.2.2.Scandinavian_Defense.tar.gz”, was uploaded to VirusTotal and in the following days was shared among cyber criminals on underground forums and popular Telegram channels. Upon the release of the leaked version, Yoroi decided to track the malicious campaigns leveraging this pentesting framework in order to identify how many actors are using it in malicious cyber-attacks.
- RiskIQ: Fingerprinting Brute Ratel C4