Rhadamanthys
Rhadamanthys is a malware family classified as an infostealer, which has been the target of major law enforcement operations, notably Europol's Operation Endgame in 2025. The operation dismantled infrastructure supporting Rhadamanthys, along with other malware such as VenomRAT and the Elysium botnet, resulting in the seizure or disabling of over 1,000 servers across ten countries. Rhadamanthys is used for credential theft and data exfiltration, and its infrastructure has been a focus for international cybercrime enforcement. There is no direct attribution to a nation-state actor or specific criminal group in the provided content. The malware is notable for its role in large-scale cybercriminal operations and its targeting by coordinated law enforcement actions.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Rhadamanthys is a malware family used for credential theft and botnet operations, supporting cybercrime infrastructure for remote access and data theft.
Rhadamanthys is an infostealer malware used to steal credentials and sensitive information from victims, which can then be used for further attacks such as ransomware or cryptocurrency theft.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.