test_scratch
/
cti-ATT-CK-v13.1
/enterprise-attack
/tool
/tool--75d8b521-6b6a-42ff-8af3-d97e20ce12a5.json
| { | |
| "type": "bundle", | |
| "id": "bundle--156be571-2633-44f1-a11a-b50432e7bbab", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "modified": "2023-04-17T21:44:03.462Z", | |
| "name": "Brute Ratel C4", | |
| "description": "[Brute Ratel C4](https://attack.mitre.org/software/S1063) is a commercial red-teaming and adversarial attack simulation tool that first appeared in December 2020. [Brute Ratel C4](https://attack.mitre.org/software/S1063) was specifically designed to avoid detection by endpoint detection and response (EDR) and antivirus (AV) capabilities, and deploys agents called badgers to enable arbitrary command execution for lateral movement, privilege escalation, and persistence. In September 2022, a cracked version of [Brute Ratel C4](https://attack.mitre.org/software/S1063) was leaked in the cybercriminal underground, leading to its use by threat actors.(Citation: Dark Vortex Brute Ratel C4)(Citation: Palo Alto Brute Ratel July 2022)(Citation: MDSec Brute Ratel August 2022)(Citation: SANS Brute Ratel October 2022)(Citation: Trend Micro Black Basta October 2022)", | |
| "x_mitre_platforms": [ | |
| "Windows" | |
| ], | |
| "x_mitre_deprecated": false, | |
| "x_mitre_domains": [ | |
| "enterprise-attack" | |
| ], | |
| "x_mitre_version": "1.0", | |
| "x_mitre_contributors": [ | |
| "Sittikorn Sangrattanapitak", | |
| "Daniel Acevedo, @darmad0, ARMADO" | |
| ], | |
| "x_mitre_aliases": [ | |
| "Brute Ratel C4", | |
| "BRc4" | |
| ], | |
| "type": "tool", | |
| "id": "tool--75d8b521-6b6a-42ff-8af3-d97e20ce12a5", | |
| "created": "2023-02-07T20:26:58.792Z", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
| "revoked": false, | |
| "external_references": [ | |
| { | |
| "source_name": "mitre-attack", | |
| "url": "https://attack.mitre.org/software/S1063", | |
| "external_id": "S1063" | |
| }, | |
| { | |
| "source_name": "BRc4", | |
| "description": "(Citation: Palo Alto Brute Ratel July 2022)" | |
| }, | |
| { | |
| "source_name": "MDSec Brute Ratel August 2022", | |
| "description": "Chell, D. PART 3: How I Met Your Beacon \u2013 Brute Ratel. Retrieved February 6, 2023.", | |
| "url": "https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/" | |
| }, | |
| { | |
| "source_name": "Dark Vortex Brute Ratel C4", | |
| "description": "Dark Vortex. (n.d.). A Customized Command and Control Center for Red Team and Adversary Simulation. Retrieved February 7, 2023.", | |
| "url": "https://bruteratel.com/" | |
| }, | |
| { | |
| "source_name": "Palo Alto Brute Ratel July 2022", | |
| "description": "Harbison, M. and Renals, P. (2022, July 5). When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors. Retrieved February 1, 2023.", | |
| "url": "https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/" | |
| }, | |
| { | |
| "source_name": "Trend Micro Black Basta October 2022", | |
| "description": "Kenefick, I. et al. (2022, October 12). Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike. Retrieved February 6, 2023.", | |
| "url": "https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html" | |
| }, | |
| { | |
| "source_name": "SANS Brute Ratel October 2022", | |
| "description": "Thomas, W. (2022, October 5). Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground. Retrieved February 6, 2023.", | |
| "url": "https://www.sans.org/blog/cracked-brute-ratel-c4-framework-proliferates-across-the-cybercriminal-underground/" | |
| } | |
| ], | |
| "object_marking_refs": [ | |
| "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
| ], | |
| "labels": [ | |
| "tool" | |
| ], | |
| "x_mitre_attack_spec_version": "3.1.0", | |
| "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
| } | |
| ] | |
| } |