AI-built Ransomware Toolkit Automates EDR Evasion and AD Discovery
A threat actor is utilizing an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions, according to researchers at Sophos.
The toolkit was developed with the assistance of AI agents, including Cursor and Claude Opus, which were used in various stages of development, including initial coding, analysis, and revisioning. The agents were also tasked with checking security research posts for various bypass techniques.
Rapid EDR-bypass Development
Researchers at Sophos detected activity from the toolkit on a system at a customer environment, which triggered alerts for payloads stored in C:\\Users\\User\\Documents\\test. The malicious files suggested they were part of an attack framework that focused on evading detection.
- Cobalt Strike profiles designed to make beacon traffic resemble legitimate web requests
- A Telegram bot API–based external command and control (C2) mechanism that routed communication through Telegram’s infrastructure rather than using direct connections
- Python-based malware development scripts for injecting shellcode into legitimate Windows executables while preserving original functionality
- A Cloudflare Worker acting as a front-end redirector to obscure the actual backend C2 server
The researchers note that while the tool may appear as a “red team” post-exploitation framework, it is used in cybercriminal activity related to ransomware. The discovery of entries pointing to a ransom note and details on multiple organizations listed on a ransomware data leak site clarified that the framework was used for cybercrime operations.
Agentic Malware Development
Multiple Python scripts on the compromised host were written in Russian and generated with the help of AI tools. The researchers found a Git repository with components related to an automated Active Directory (AD) discovery panel and a lab that uses an iterative approach to developing and testing malware against the Sophos, CrowdStrike, and Windows Defender endpoint detection and response (EDR) agents.
AD discovery is driven by collecting observations from completed tasks and selecting the next action from predefined choices. The next step is delegated to remote agents, with results being reassessed. The framework has multiple AI agents, each with a distinct role and function.
For instance, a Claude Opus 4.5 agent acts as the coordinator of the R&D process, while others handle testing, OPSEC hardening, documentation, proxy stress testing, VM deployment, and other related tasks. For the development stage, some agents documented bypass techniques in research from Kaspersky, Palo Alto Networks, Bishop Fox, and SpecterOps, as well as details published in social media posts.
EDR Bypass Development Workflow
The agents extracted the techniques, mapped them to the MITRE ATT&CK knowledge base of adversary behaviors, identified what was needed for reproduction, prepared a test lab, executed the technique, and reported the outcome. The main component in the malicious framework is a Python tool that generates payloads, mostly in Rust and Go, based on an evasion technique.
Close to 80 modules were generated and tested against more than 70 techniques. This modular Windows payload loader generator wraps a raw payload in layers of encryption, evasion, and alternative execution techniques, producing custom-built executables or DLLs intended to resist sandboxing, antivirus, and EDR detection.
“This modular Windows payload loader generator wraps a raw payload in layers of encryption, evasion, and alternative execution techniques, producing custom-built executables or DLLs intended to resist sandboxing, antivirus, and EDR detection” - Sophos
While the agents initially suggested a high failure rate, the modules appeared to bypass almost all EDR solutions after several iterations. However, Sophos noticed discrepancies between the test output and the framework’s internal reporting in some instances, although the reasons are unclear.
Sophos found no evidence that AI was embedded in deployed malware or operating independently in victim environments. Instead, the technology was used to accelerate the iterative process of developing, testing, and refining payloads against security products. AI tools are shortening the period between the publication of offensive security research and its practical implementation by threat actors.
Source: BleepingComputer