An open server hosted on a German cloud provider’s systems has been discovered containing the entire toolset of a member of the Beast ransomware group, exposing both the actor’s TTPs and the fact that Beast shares many of those tactics with other ransomware gangs. According to threat-intelligence firm Team Cymru, the toolset includes tools for reconnaissance, network mapping, credential theft and exfiltration, as well as techniques for persistence and lateral movement through the local environment.
Many of the tools, such as AnyDesk for remote management and Mega for downloads, have both legitimate and malicious uses and are commonly used by many ransomware groups, says Will Thomas, senior threat intelligence advisor for Team Cymru. Read more at DarkReading.