Red Team Tools

Threat Synopsis – Red Team Tools


Over the years, Threat Actors have steadily adopted red team tools (sometimes referred to as offensive security tools), most notably Cobalt Strike. These tools offer tremendous power and utility, and they are steadily updated with new capabilities and techniques to evade detection or to perform actions in a compromised environment. Recently, a Red Team tool with an EDR-evasion focus, called Brute Ratel, made its way into Threat Actors' hands. This tool works diligently to evade EDR products that might otherwise prevent its delivery, installation, execution or post-execution commands. Although these tools are designed for security professionals to find potential vulnerabilities and breach systems in order to better prepare an organization against future cyberattacks, they are increasingly being utilized by Threat Actors because of their robustness.


This collection is aimed at providing Hunt Packages that best identify the delivery, installation or post-compromise activities related to Red Team tools. It is important to note that while some Hunt Packages focus specifically on a given tool, others in this collection identify common delivery techniques employed by users of these tools, where it is known that the end goal is to install a Red Team tool. Identifying the delivery of these tools can be very beneficial, since capturing the activity as close to the beginning of the attack as possible is crucial for limiting impact and scope.
Threat Summary


This collection of threat Hunt Packages gives visibility to a number of techniques that are observed within Red Team Toolsets that can be (and have been) abused by malicious actors and malware vari ..