#OperationEndgame3: 1025 servers taken offline | Security https://www.heise.de/news/Operation-Endgame-3-1025-Server-von-Netz-genommen-11077049.html #OperationEndgame #Malware #Infostealer #Botnet #Elysium #VenomRAT #Rhadamanthys
Reading tip -> Operation Endgame takes down large cyber networks | In Operation Endgame, large cyber networks were taken down, with arrests, servers taken offline and disruption of infostealers, botnets and RATs through international cooperation. | #botnet #cybercrime #Europol #hacking #infostealers #internationalesamenwerking #OperatieEndgame #politie #ransomware #Rhadamanthys #VenomRAT |
https://hbpmedia.nl/operatie-endgame-cybernetwerken-uitgeschakeld/
Operation Endgame: Three cybercrime groups dismantled in the final phase
#venomrat #endgame #Rhadamanthys
https://webrecord.media/operation-endgame-son-asamada-uc-siber-suc-orgutu-cokertildi/
Proofpoint is proud to have assisted law enforcement in the #OperationEndgame investigation that led to the November 13, 2025 disruption of #Rhadamanthys and #VenomRAT, both #malware used by multiple cybercriminals.
• Rhadamanthys: https://brnw.ch/21wXs1N
• VenomRAT: https://brnw.ch/21wXs1O
---
Since May 2024, Operation Endgame—a global law enforcement and private sector effort that includes Proofpoint—has significantly disrupted the #malware and #botnet ecosystem.
👉 #Europol called the May 2024 Operation Endgame actions “the largest ever operation against botnets.”
👉 In May 2025, additional malware families and their creators, including #DanaBot, were taken down.
---
Each disruption forces threat actors to adapt and invest time and resources to retool their attack chains.
With our unique visibility and leading detection capabilities, Proofpoint researchers will continue monitoring the threat landscape and provide insight into the biggest cyber threats to society.
Operation Endgame’s latest phase targeted the infostealer #Rhadamanthys, Remote Access Trojan #VenomRAT, and the botnet #Elysium.
https://www.europol.europa.eu/media-press/newsroom/news/end-of-game-for-cybercrime-infrastructure-1025-servers-taken-down
👮 Operation "Endgame" (operation-endgame.com) #europol #malware #botnet #rhadamanthys #venomrat #threats [ https://europol.europa.eu/media-press/newsroom/news/end-of-game-for-cybercrime-infrastructure-1025-servers-taken-down ]
Many of the victims were not aware of the infection of their systems. Check whether your Windows system has been infected and what to do if so: [ https://www.politie.nl/checkyourhack ] & [ https://haveibeenpwned.com ]
And it's out!
End of the game for cybercrime infrastructure: 1025 servers taken down
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol’s headquarters in The Hague. The actions targeted one of the biggest infostealers, Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers. The main suspect for VenomRAT was arrested in Greece on 3 November 2025.
#OperationEndgame #rhadamanthys #infostealer #VenomRAT #Elysium
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
#RevengeHotels #VenomRAT
https://securelist.com/revengehotels-attacks-with-ai-and-venomrat-across-latin-america/117493/
🎣 Phishing Campaign
====================
🎯 Threat Intelligence
Executive summary: RevengeHotels, tracked as TA558, has launched a new campaign focused on targets in Latin America. The operation combines social‑engineering lures generated or refined with LLMs and a multi‑stage payload delivery that includes VenomRAT as a secondary implant.
Technical details: The research attributed to Kaspersky GReAT describes an initial infection vector using convincing lures (reports indicate use of large language models to craft messages and attachments) followed by deployment of a malicious implant and a second loading step that delivers VenomRAT. Additional behaviours reported include USB spreading and anti‑kill mechanisms intended to maintain persistence and hinder remediation.
Analysis & impact: The group’s historical goal of payment‑card harvesting aligns with observed tooling and TTPs; VenomRAT provides remote access and data‑collection capabilities that enable payment‑card skimming and exfiltration. Use of LLMs to tailor lures increases phishing efficacy and may broaden victim scope across industries in the region.
Detection: Monitor for anomalous post‑delivery processes and new persistence artifacts, uncommon USB autorun or device enumeration activity, and network connections associated with known VenomRAT command‑and‑control patterns. Endpoint telemetry showing staged downloads after opening social‑engineering attachments is a high‑value detection signal. No precise IoCs were included in the supplied excerpt.
Mitigation: Enforce multi‑layer controls: block known malicious file types at mail gateways, apply strict device control policies for removable media, enforce EDR detections for process injection and persistence modification, and treat unsolicited attachments with elevated suspicion, especially those leveraging sophisticated social engineering likely crafted by LLMs.
References & caveats: Findings are derived from a Kaspersky GReAT report; technical artifacts and IoCs were not fully available in the supplied text. Further validation against full indicators is recommended.
🔹 RevengeHotels #VenomRAT #TA558 #LLM
🔗 Source: https://securelist.com/revengehotels-attacks-with-ai-and-venomrat-across-latin-america/117493/
Unmasking AsyncRAT: Navigating the labyrinth of forks
#AsyncRAT #DCRat #VenomRAT #BoratRAT #NonEuclidRAT #JasonRAT #XieBroRAT
https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/
#VenomRAT SHA256: 790ad5ecf68826a5ccca3535f67bb917b588f0f07f09536da1b832641359fb7e C2: 81[.]8[.]21[.]61:4449,
NEW🚨- Hackers are hiding the notorious #VenomRAT malware inside Virtual Hard Disk (VHD) image files.
Read: https://hackread.com/hackers-hide-venomrat-malware-virtual-hard-disk-files/
Forcepoint's Prashant Kumar describes a current technique threat actors use to bypass security measures, deliver malware, infect systems and exfiltrate data, all by using a virtual hard disk image (VHD) file to host and distribute the #VenomRAT malware.
https://www.forcepoint.com/blog/x-labs/venomrat-malware-uses-virtual-hard-drives
2025-02-25 (Tuesday): #VenomRAT from #malspam uses zip attachment containing a VHD file containing a VBS file. Calls Pastebin link for C2 server information. Details at https://github.com/malware-traffic/indicators/blob/main/2025-02-25-IOCs-for-Venom-RAT-activity.txt
When the threat actor REALLY wants it to run... #venomrat c2:
176.65.142.172:4449
http://trackingshipmentt\.xyz:9394/
http://trackmyshipeng\.site:9094/
https://app.any.run/tasks/086f767d-cb57-46d0-80f6-1d771148444e/
Analysis of a phishing campaign with Venom RAT
In early April, organizations in the Russian Federation (and not only there) received emails from an unknown sender. Besides wishing the recipient a good day and asking for a reply "as soon as possible", the email contained a RAR archive, and inside the archive a *.bat file. After the contents were checked in a sandbox, some artifacts were reported indicating that the email clearly contained something suspicious, but the security tools could not determine for certain whether it was malware or not. They did, however, point out some components of the bat file: obfuscated PowerShell strings. That was enough to start analyzing the contents, find IoCs, and look for them in the organization's traffic. On to the analysis.
#ScrubCrypt used to drop #VenomRAT along with many malicious plugins
https://securityaffairs.com/161639/cyber-crime/scrubcrypt-venomrat-plugins.html
#securityaffairs #hacking #malware