Rhadamanthys Stealer

Malware updated a month ago (2024-11-29T13:56:44.795Z)
Rhadamanthys Stealer is malicious software that Check Point Research (CPR) has tracked extensively since July 2024. The malware is part of an ongoing, large-scale and sophisticated phishing campaign that deploys the latest version of Rhadamanthys Stealer (0.7). It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once it infiltrates a system, it can steal personal information, disrupt operations, or even hold data for ransom. Rhadamanthys Stealer has evolved over time; its newest version (0.7) adds innovative capabilities such as an AI-powered OCR (optical character recognition) module, a feature highlighted in Insikt Group's analysis of the malware. Both cybercriminals and state-sponsored actors have adopted Rhadamanthys Stealer. For instance, in one campaign tied to Handala, a persona linked to Void Manticore, the malware was distributed under the guise of an F5 update. This marked their first use of the stealer, which they continued to deploy in subsequent campaigns impersonating Israeli and international companies. Throughout 2024, CPR monitored threat actors leveraging Rhadamanthys Stealer, including Void Manticore, an Iranian actor operating in Israel and Albania. In August 2023, another group, the Flamingo group, was observed using a leaked LockBit payload bundled with Rhadamanthys Stealer. As the malware continues to evolve and be used in various cybercrime activities, ongoing efforts to study and counteract its deployment are crucial.
Description last updated: 2024-11-06T18:03:55.280Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Alias: Rhadamanthys (Votes: 4)
Description: Rhadamanthys is a possible alias for Rhadamanthys Stealer. Rhadamanthys is a sophisticated and notorious malware, known for its ability to steal sensitive information. It has been utilized by various threat actors, including nation-state entities such as Iran's Void Manticore and the pro-Palestine group "Handala." Its deployment often involves phishing tact
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware