Brc4

Malware updated 4 months ago (2024-05-05T04:17:46.801Z)
Brc4 is malware associated with Brute Ratel C4 (BRc4), a commercial red-teaming and adversary-simulation framework. It can infiltrate a system via suspicious downloads, emails, or websites, often without the user's knowledge; once inside, it can steal personal information, disrupt operations, or hold data for ransom. A specific sample of this malware carried a harmful payload, and analysis revealed similarities between that sample and a recent APT29 sample. The referenced blog provides a comprehensive overview of BRc4, including a detailed examination of the malicious sample, a comparison of its packaging with a recent APT29 sample, and a list of indicators of compromise (IoCs) that can be used to detect this activity.

BRc4 also appears among the top 20 Command and Control (C2) families detected, within a diverse C2 landscape that includes newer families such as Brute Ratel (BRc4) and BumbleBee alongside mainstays such as PlugX, AsyncRAT, IcedID, and DarkComet. The detection methods documented in v1.0 for post-exploitation actions, such as suspicious copy-on-write operations, remain effective for detecting post-exploitation by BRc4. According to the release post, BRc4 employs a mixture of "Asynchronous Procedure Calls, Windows Event Creation, Wait Objects, and Timers." The ISO containing the malware was assembled on May 17, 2022, coinciding with the release date of the new BRc4 version.

In terms of features, BRc4 advertises capabilities such as a customized command and control center for red-team and adversary-simulation use. As of May 16, Nayak announced that the tool had attracted 480 users across 350 customers; with its pricing and customer base, BRc4 is positioned to generate over $1 million in sales over the next year.
Description last updated: 2024-05-05T03:55:18.661Z
Aliases: none currently tracked.
Miscellaneous Associations (other elements of context that could aid in assessing relevance): none recorded.
Source Document References
Information about the Brc4 malware was drawn from the documents below (display limited to 20 results).

Source            Created       Title
MITRE             9 months ago  PART 3: How I Met Your Beacon - Brute Ratel - MDSec
MITRE             9 months ago  When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
MITRE             9 months ago  Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground | SANS
CERT-EU           a year ago    Microsoft and Fortra to Take Down Malicious Cobalt Strike Infrastructure
Recorded Future   2 years ago   2022 Adversary Infrastructure Report