AI ransomware toolkit automates EDR evasion and AD discovery

Summary
– A threat actor used AI tools like Cursor and Claude Opus to build a ransomware toolkit that automates Active Directory discovery and evades endpoint detection and response (EDR) solutions.
– The toolkit includes Cobalt Strike profiles, a Telegram bot-based command and control mechanism, Python scripts for shellcode injection, and a Cloudflare Worker redirector.
– Despite AI assistance in development, the workflow is entirely human-driven, and no AI was embedded in deployed malware or operated autonomously in victim environments.
– The framework was used for criminal ransomware activity, confirmed by Cobalt Strike logs referencing ransom notes and a data leak site, not legitimate red team operations.
– AI agents extracted bypass techniques from security research, mapped them to MITRE ATT&CK, and iteratively tested over 70 techniques against EDR tools from Sophos, CrowdStrike, and Microsoft.

A cybercriminal is leveraging an AI-assisted ransomware attack toolkit designed to automate Active Directory discovery and evade endpoint detection and response (EDR) solutions. The development of both the tool and its payloads was supported by Cursor and Claude Opus agents, which handled initial coding, analysis, and revision. Some agents were also tasked with scanning security research posts for various bypass techniques.
The resulting malware was tested in virtual environments against EDR tools from Sophos, CrowdStrike, and Microsoft. Although the research and development process was orchestrated with AI technology, researchers emphasize that the workflow remains entirely human-driven.
Rapid EDR-bypass development
Researchers at Sophos detected activity from the toolkit on a system within a customer environment, triggering alerts for payloads stored in `C:\Users\User\Documents\test`. The malicious files indicated they were part of an attack framework focused on evading detection. Components included Cobalt Strike profiles designed to make beacon traffic resemble legitimate web requests, a Telegram bot API-based external command and control (C2) mechanism that routed communication through Telegram’s infrastructure, Python-based malware development scripts for injecting shellcode into legitimate Windows executables while preserving original functionality, and a Cloudflare Worker acting as a front-end redirector to obscure the backend C2 server.
While the tool may appear to be a “red team” post-exploitation framework, researchers confirm it is used in cybercriminal activity related to ransomware. “Our initial assessment included the possibility that a legitimate Red Team was engaged, but our investigation revealed further artifacts that indicated malicious and criminal activity,” Sophos told BleepingComputer. The discovery of Cobalt Strike operator logs containing entries pointing to a ransom note and details on multiple organizations listed on a ransomware data leak site clarified that the framework was used for cybercrime operations.
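For defenders, the Telegram bot API C2 channel, the Cloudflare Worker redirector and the `Documents\test` staging path described above suggest a simple hunt over process network telemetry. The following is an added example, not code from Sophos or from the toolkit: it assumes events shaped like Sysmon Event ID 3 records, and the allowlist, the staging directory list, the file names and the `workers.dev` host are constructed for illustration.

```python
import json
from ntpath import basename

# Constructed events shaped like Sysmon Event ID 3 (network connection).
# File names and the workers.dev host are illustrative, not from the Sophos report.
SAMPLE_EVENTS = r"""
{"Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationHostname": "api.telegram.org"}
{"Image": "C:\\Users\\User\\Documents\\test\\updater.exe", "DestinationHostname": "api.telegram.org"}
{"Image": "C:\\Users\\User\\Documents\\test\\updater.exe", "DestinationHostname": "API.Telegram.org."}
{"Image": "C:\\Windows\\System32\\rundll32.exe", "DestinationHostname": "cdn-sync.example.workers.dev"}
{"Image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "DestinationHostname": "www.example.com"}
{"Image": "C:\\Users\\User\\Downloads\\chrome.exe", "DestinationHostname": "api.telegram.org"}
"""

EXACT_HOSTS = {"api.telegram.org": "telegram-bot-api"}
HOST_SUFFIXES = {".workers.dev": "cloudflare-worker"}
# Assumed allowlist of programs expected to reach these services on this estate.
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "telegram.exe"}
# Directories that installed software does not normally run from (assumption).
STAGING_DIRS = ("\\documents\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")


def classify_host(host):
    """Return a service label for a watched destination, else None."""
    host = host.lower().rstrip(".")
    if host in EXACT_HOSTS:
        return EXACT_HOSTS[host]
    return next((lbl for sfx, lbl in HOST_SUFFIXES.items() if host.endswith(sfx)), None)


def hunt(raw_events):
    """Flag processes that reach watched services but are not expected clients."""
    hits = {}
    for line in filter(None, map(str.strip, raw_events.splitlines())):
        event = json.loads(line)
        image = event.get("Image", "")
        label = classify_host(event.get("DestinationHostname") or "")
        staged = any(d in image.lower() for d in STAGING_DIRS)
        # A familiar file name is only trusted outside staging directories.
        expected = basename(image).lower() in EXPECTED_CLIENTS and not staged
        if label is None or expected:
            continue
        hit = hits.setdefault(image, {"image": image, "services": set(), "count": 0,
                                      "severity": "high" if staged else "medium"})
        hit["services"].add(label)
        hit["count"] += 1
    return sorted(hits.values(), key=lambda h: (h["severity"] != "high", h["image"].lower()))


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Both services carry legitimate traffic and a Worker can sit behind a custom domain, so the output is a triage list rather than a verdict. Matching on file name alone is weak; in production the allowlist should key on signer or hash.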
Agentic malware development
In a report published today, Sophos states that multiple Python scripts on the compromised host were written in Russian and generated with the help of AI tools. During the investigation, researchers found a Git repository with components related to “an automated Active Directory (AD) discovery panel and a lab that uses an iterative approach to developing and testing malware against the Sophos, CrowdStrike, and Windows Defender endpoint detection and response (EDR) agents.”
The AD discovery process is driven by collecting observations from completed tasks and selecting the next action from predefined choices. The next step is delegated to remote agents, with results being reassessed. The framework employs multiple AI agents, each with a distinct role. For example, a Claude Opus 4.5 agent acts as the coordinator of the R&D process, while others handle testing, OPSEC hardening, documentation, proxy stress testing, VM deployment, and related tasks.
During development, some agents documented bypass techniques from research by Kaspersky, Palo Alto Networks, Bishop Fox, and SpecterOps, as well as details published in social media posts. The agents extracted the techniques, mapped them to the MITRE ATT&CK knowledge base of adversary behaviors, identified what was needed for reproduction, prepared a test lab, executed the technique, and reported the outcome.
The main component in the malicious framework is a Python tool that generates payloads, mostly in Rust and Go, based on an evasion technique. Close to 80 modules were generated and tested against more than 70 techniques. “This modular Windows payload loader generator wraps a raw payload in layers of encryption, evasion, and alternative execution techniques, producing custom-built executables or DLLs intended to resist sandboxing, antivirus, and EDR detection,” Sophos explains.
Although the agents initially suggested a high failure rate, the modules appeared to bypass almost all EDR solutions after several iterations. In some instances, however, Sophos noted discrepancies between the test output and the framework’s internal reporting; the reasons remain unclear.
Sophos found no evidence that AI was embedded in deployed malware or operating independently in victim environments. Instead, the technology was used to accelerate the iterative process of developing, testing, and refining payloads against security products. AI tools are shortening the period between the publication of offensive security research and its practical implementation by threat actors.
(Source: BleepingComputer)

