Overview

Brute Ratel C4 (Customised Command and Control Centre) is a commercial, full-featured, remote access tool that is incorporated as an adversary simulation software designed to execute targeted attacks and emulate the postexploitation actions of advanced threat actors. including APT291. Brute Ratel’s interactive post-exploit capabilities cover the full range of Mite ATT&CK techniques, all of which are executed within a single, integrated system. Brute Ratel C4 is equipped with debugger programming that detects Endpoint Detection and Response (EDR) monitoring. The framework then takes action to avoid triggering detection, making the software particularly dangerous to network security. Additionally, Brute Ratel C4 is a malware as a service, therefore resulting in a vast scope of exploitability. The malware is primarily distributed via phishing emails and exploiting Dynamic Link Library (DLL) hijacking vulnerabilities in Windows operating systems. Brute Ratel C4 has also been implemented in conjunction with other malware variants such as Cobalt Strike and Qakbot.