Dark Web Informer - Cyber Threat Intelligence

📖 Overview

A threat actor is promoting Horus Eyes RAT 2025, a cyber-espionage tool designed for covert surveillance, credential theft, and system exploitation. The malware is described as using advanced stealth techniques to evade defenses, including process injection, memory residency, rootkit functionality, and anti-sandboxing.


📌 Key Details

  • Victim Country: Unknown
  • Industry: Unknown
  • Threat Actor: Sebastian85
  • Network: openweb
  • Category: Malware
  • Severity: Low
  • Capabilities:
    • Stealth: Process injection, memory residency, rootkit features, anti-sandbox/anti-VM
    • Surveillance: Screen capture, keylogging, webcam and microphone access, clipboard monitoring
    • Exploitation: Remote shell access, file exfiltration, persistence mechanisms
    • Network Attacks: MITM, credential harvesting, USB/network worming
    • Financial Modules: Wallet hijacking, banking trojans, cookie/session hijacking
  • Distribution: Shared via file-hosting platforms (4Share, Mega-NZ, MediaFire, mirrored links)

🧩 TTPs (MITRE ATT&CK Mapping)

  • TA0009 Collection: Keylogging, screen capture, clipboard and webcam monitoring
  • TA0001 Initial Access: Spread through USB, file shares, or malicious downloads
  • TA0002 Execution: Rootkit and process injection techniques for persistence
  • TA0010 Exfiltration: Theft of credentials, financial data, and cryptocurrency wallet info
  • TA0040 Impact: Account takeover, financial fraud, espionage, and lateral movement

👤 Threat Actor Profile: Sebastian85

Summary

  • Total Matches: 1
  • First Seen: 2025-08-25
  • Last Seen: 2025-08-25
  • Data Start: 2024-10-02
  • Countries: –
  • Industries: –

📊 Threat Actor Activity

| Date | Country | Sector / Industry | Type | Target / Tool | Network |
| --- | --- | --- | --- | --- | --- |
| 2025-08-25 | Unknown | | Malware | Horus Eyes RAT 2025 | openweb |

🚨 Potential Risks

Tools like Horus Eyes RAT provide attackers with near-total control of a victim’s system. With features such as banking trojans, wallet hijacking, and keylogging, they pose direct financial risks to individuals and organizations. They also enable long-term espionage through stealthy persistence, exposing sensitive corporate or personal data.


  • Block execution of untrusted binaries and enforce strict application whitelisting
  • Deploy EDR/AV solutions capable of detecting process injection and rootkits
  • Educate users to avoid downloading files from unverified links or mirrors
  • Monitor for unusual clipboard activity, unauthorized screen captures, or webcam access
  • Enforce multi-factor authentication and secure financial transactions with hardware tokens
  • Conduct proactive threat hunting for signs of persistence mechanisms linked to RATs

💡 Final Thoughts

The reappearance of remote access trojans like Horus Eyes highlights how old malware techniques are continually repackaged with modern features. For defenders, layered detection, strong endpoint monitoring, and continuous education remain the most effective strategies to counter these threats.
