Brute Ratel post-exploitation kit shared in hacking forums

BleepingComputer reports that threat actors have been sharing the Brute Ratel C4 post-exploitation toolkit, developed by former Mandiant and CrowdStrike red teamer Chetan Nayak, across Russian- and English-speaking hacking forums. "There are now multiple posts on multiple of the most populated cybercrime forums where data brokers, malware developers, initial access brokers, and ransomware affiliates all hang out. This includes BreachForums, CryptBB, RAMP, Exploit[.]in, and Xss[.]is, as well as various Telegram and Discord groups," said cyber threat intelligence researcher Will Thomas in a report. A cracked copy of Brute Ratel C4 version 1.2.2 has been shared in the Breached and XSS forums since the middle of September. While Nayak said that licenses used for malicious Brute Ratel activity could initially be revoked, that license check was removed after the Russian threat group Molecules cracked an uncracked version that had been uploaded to VirusTotal. With many extended detection and response and antivirus products unable to detect BRC4-generated shellcode, more threat actors are expected to leverage the toolkit in attacks, Thomas noted.