{
  "name": "Rhadamanthys 0.9.x - walk through the updates",
  "slug": "rhadamanthys-09x-walk-through-the-updates",
  "description": "Rhadamanthys, a complex multi-modular stealer, has released version 0.9.2 with significant updates. The malware now uses PNG files to deliver payloads, implements new evasion techniques, and introduces changes to its custom executable formats. Key modifications include a new message box mimicking Lumma stealer, updates to string encryption, and enhanced configurability. The malware continues to evolve, focusing on refinements and customization options while maintaining its core design. These changes aim to disrupt analysis tools and detection methods. The authors are professionalizing their operation, treating Rhadamanthys as a long-term business venture with tiered pricing and expanded product offerings.",
  "published": "2025-10-01T18:28:13+00:00",
  "created_at": "2025-10-01T18:28:13+00:00",
  "modified_at": "2025-10-01T20:26:22+00:00",
  "created_at_opencti": "2025-10-01T18:28:13+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-10-01",
    "configurability",
    "custom formats",
    "encryption",
    "evasion",
    "png payload",
    "rhadamanthys",
    "stealer"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "193.84.71.81"
      },
      {
        "id": "",
        "name": "193.233.126.43"
      },
      {
        "id": "",
        "name": "192.30.242.210"
      },
      {
        "id": "",
        "name": "193.23.216.48"
      },
      {
        "id": "",
        "name": "eb5558d414c6f96efeb30db704734c463eb08758a3feacf452d743ba5f8fe662"
      },
      {
        "id": "",
        "name": "df24d62310c018ba8817f0b70788e6bec546f234bb56116f90bf5b7f19c87901"
      },
      {
        "id": "",
        "name": "d8d2bae5ec1ade8770ad2d6fc323b2ccc459919643cbe8d67e6a5b11094a4d85"
      },
      {
        "id": "",
        "name": "d14d10fdcd7a6f0c095e2bb525fe21d8970c508c0475913bd9bd1c96067bcb04"
      },
      {
        "id": "",
        "name": "cbdb3d2e0a845b134576fabcc2260aa5bd995b9f3b43483ab704c6787409012d"
      },
      {
        "id": "",
        "name": "cbca01435be6348ce4c58cc86c2900f3d99dc806ea38dbdfbb8d6291af17fce4"
      },
      {
        "id": "",
        "name": "cb555f5cb3e40c4db0fba7953ffc56e978a599233f80512e019e4c94fd69892c"
      },
      {
        "id": "",
        "name": "cb0662d468b034530f88dee9204b3a1d3ff04d19345f417b2cce92a1940dc991"
      },
      {
        "id": "",
        "name": "c19716b262e928d83252d75a1ff262786df6cbb221132a0ada08ef3293c091b7"
      },
      {
        "id": "",
        "name": "b8cbb2a7270ac21c3e895f1b4965b1a17d7a1a6ea54c2c8ef19df49a26442779"
      },
      {
        "id": "",
        "name": "b43d35a26681c7f214ce3bd90af35bc3272008c169c5b1b4e7e6af7398e3e3c4"
      },
      {
        "id": "",
        "name": "b41fb6e936eae7bcd364c5b79dac7eb34ef1c301834681fbd841d334662dbd1d"
      },
      {
        "id": "",
        "name": "b429a3e21a3ee5ac7be86739985009647f570548b4f04d4256139bc280a6c68f"
      },
      {
        "id": "",
        "name": "b25d958bd91f85c14ca451dd6dbcea58507c8e92466f48cd2d2e04cef9d371af"
      },
      {
        "id": "",
        "name": "aeba4ece8c4bf51d9761e49fad983967e76c705a06999c556c099f39853f737c"
      },
      {
        "id": "",
        "name": "ad5ecfda322ac8fdde40f3ee57273abae35b5eb6ca96f2df0a91b8059e75d022"
      },
      {
        "id": "",
        "name": "ae26068833a65197c5ff2440d8ca06db393823ee1b5130dbf00d90da2120bf01"
      },
      {
        "id": "",
        "name": "a451cbfe093830cd4d907d10bc0f27ea51da53ece5456af2fe6b3b24d3df163e"
      },
      {
        "id": "",
        "name": "a9932ada2cf6bfb2614080e9a0068af03ee919657f16ef50d256fccd74ee2d44"
      },
      {
        "id": "",
        "name": "9d110b4e129be5d80253c4d890757f81c5135dcf6d1bbf0262fb554f0c885720"
      },
      {
        "id": "",
        "name": "8f54612f441c4a18564e6badf5709544370715e4529518d04b402dcd7f11b0fb"
      },
      {
        "id": "",
        "name": "8c12af846fc774e02dc5ec358f0a9fa7363538cef541e95ac65331ec18fbbe0b"
      },
      {
        "id": "",
        "name": "84bbe70b3089e578d69744bd8b030c3a6e724a6c3f4bdefda82fe5057f89c9ba"
      },
      {
        "id": "",
        "name": "7acae2490a0ff1ae3a31f89346fe4e0630259a344c2a6f38bf75f34f8fe9987e"
      },
      {
        "id": "",
        "name": "71ccf996f6ad9ac4ed001d3570de6754f7e26a846ed19b34e9b3b1b58abfe619"
      },
      {
        "id": "",
        "name": "67f00a03e76308a399f21498ebdd4accdb1879c908960e60f717e6d3cb9d05cf"
      },
      {
        "id": "",
        "name": "6415c029d241255bffaf057a8f1390b626c8069ba9a1432f0e8372c7ab68778a"
      },
      {
        "id": "",
        "name": "5a747f6d9d818fcfd90e0ff1ca393321ab7e10314f71e9db01cb1f451258f257"
      },
      {
        "id": "",
        "name": "59920d1fc7facb5b3b06b93da5b8ee3cbb15acb75f2bb36536e35b803a1f2222"
      },
      {
        "id": "",
        "name": "59722b8869d17c5a805dd9febe70295b78afd53e4f3b0e26cd76ea1e772e6818"
      },
      {
        "id": "",
        "name": "4f88d5cb69d44144b02f7ffd3d45cd86aaee12c3410898ce83712287a6b27fe4"
      },
      {
        "id": "",
        "name": "4ec1902e8cd21d2d5a65465111a1883920bb6c898189dac34d618766b1c4fa66"
      },
      {
        "id": "",
        "name": "41daeb92734388f9133a007cbc9c4d8058092b9d8192734be70b3106f0ca5d9f"
      },
      {
        "id": "",
        "name": "3ca87045da78292a6bba017138ff9ee42b4e626b64d0fee6d86a16cc3258c8c3"
      },
      {
        "id": "",
        "name": "36dd78abc304bd2cfbfc188a0b47320e3a4393f03657d69796a5616e3dac50c8"
      },
      {
        "id": "",
        "name": "3419dc2a3fb5bdba7f5d51634109066b0ceaeeae898a6748ce9eeaeb63fd1fb0"
      },
      {
        "id": "",
        "name": "271452e1c5e79d159f79886a65d4180814a7329c092d617372f127b6311d60f1"
      },
      {
        "id": "",
        "name": "24ddfd61c05b2f772caf85b44e9e58363a0cf345c6a9294a8416617f0b5b03cf"
      },
      {
        "id": "",
        "name": "24ce42c2fd4a95c1b86bbee9bce1e1cf255bd0022e19bab6bd591afd68b7efdb"
      },
      {
        "id": "",
        "name": "23a57ba898b5e91a2ead4e93c97710fe91dc917a7d11dc44b41304778565905f"
      },
      {
        "id": "",
        "name": "1f7213a32bce28cb3272ef40a7d63196b2e85f176bcfe7a2d2cd7f88f4ff93fd"
      },
      {
        "id": "",
        "name": "0fc149c1ed4a1040b9cf68076c17c4d005a121aca0a22385458a1980f7d24589"
      },
      {
        "id": "",
        "name": "11aabefa4eac0c2f22d0b2efdb7facd242d52765fe5167523112b980f096d9d1"
      },
      {
        "id": "",
        "name": "090b0ef20633785d11096cda04d9764bd46c9f5d9d3c02183009d2bf165abb82"
      },
      {
        "id": "",
        "name": "0500bd111464a1376e7efba2376eb1192cb4beb18278f62e460c8c8191f0cc5d"
      },
      {
        "id": "",
        "name": "a905226a2486ccc158d44cf4c1728e103472825fb189e05c17d998b9f5534d63"
      },
      {
        "id": "",
        "name": "fcb00beaa88f7827999856ba12302086cadbc1252261d64379172f2927a6760e"
      }
    ],
    "attack_patterns": [
      {
        "id": "7671fe3e-6a85-463e-928d-16117d2f4f9b",
        "name": "T1059.006"
      },
      {
        "id": "e1b18ecf-d74e-4fe6-9bd4-ca6a62e7d818",
        "name": "T1027.002"
      },
      {
        "id": "93b2c4dd-5523-4464-8976-78754ee372fd",
        "name": "T1012"
      },
      {
        "id": "32817170-4c07-427e-b8a5-80a733ae2550",
        "name": "T1497"
      },
      {
        "id": "667462db-9031-48eb-893a-05d35f9330a7",
        "name": "T1056.001"
      },
      {
        "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f",
        "name": "T1071.001"
      },
      {
        "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58",
        "name": "T1562.001"
      },
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1",
        "name": "T1057"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "6aa7866f-9c1f-4159-938a-10a6adf41646",
        "name": "T1553"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      }
    ]
  },
  "external_refs": [
    "https://research.checkpoint.com/2025/rhadamanthys-0-9-x-walk-through-the-updates",
    "https://otx.alienvault.com/pulse/68dd8edde79b4d282c08dc5f"
  ]
}