📖 Overview
A threat actor is promoting Horus Eyes RAT 2025, a cyber-espionage tool designed for covert surveillance, credential theft, and system exploitation. The malware is described as using advanced stealth techniques to evade defenses, including process injection, memory residency, rootkit functionality, and anti-sandboxing.
📌 Key Details
- Victim Country: Unknown
- Industry: Unknown
- Threat Actor: Sebastian85
- Network: openweb
- Category: Malware
- Severity: Low
- Capabilities:
  - Stealth: Process injection, memory residency, rootkit features, anti-sandbox/anti-VM
  - Surveillance: Screen capture, keylogging, webcam and microphone access, clipboard monitoring
  - Exploitation: Remote shell access, file exfiltration, persistence mechanisms
  - Network Attacks: MITM, credential harvesting, USB/network worming
  - Financial Modules: Wallet hijacking, banking trojans, cookie/session hijacking
- Distribution: Shared via file-hosting platforms (4Share, Mega-NZ, MediaFire, mirrored links)
🧩 TTPs (MITRE ATT&CK Mapping)
- TA0009 Collection: Keylogging, screen capture, clipboard and webcam monitoring
- TA0001 Initial Access: Spread through USB, file shares, or malicious downloads
- TA0002 Execution: Rootkit and process injection techniques for persistence
- TA0010 Exfiltration: Theft of credentials, financial data, and cryptocurrency wallet info
- TA0040 Impact: Account takeover, financial fraud, espionage, and lateral movement
👤 Threat Actor Profile: Sebastian85
Summary
- Total Matches: 1
- First Seen: 2025-08-25
- Last Seen: 2025-08-25
- Data Start: 2024-10-02
- Countries: –
- Industries: –
📊 Threat Actor Activity
Date | Country | Sector / Industry | Type | Target / Tool | Network |
---|---|---|---|---|---|
2025-08-25 | Unknown | – | Malware | Horus Eyes RAT 2025 | openweb |
🚨 Potential Risks
Tools like Horus Eyes RAT provide attackers with near-total control of a victim’s system. With features such as banking trojans, wallet hijacking, and keylogging, it poses direct financial risks to individuals and organizations. It also enables long-term espionage through stealthy persistence, exposing sensitive corporate or personal data.
✅ Recommended Security Actions
- Block execution of untrusted binaries and enforce strict application whitelisting
- Deploy EDR/AV solutions capable of detecting process injection and rootkits
- Educate users to avoid downloading files from unverified links or mirrors
- Monitor for unusual clipboard activity, unauthorized screen captures, or webcam access
- Enforce multi-factor authentication and secure financial transactions with hardware tokens
- Conduct proactive threat hunting for signs of persistence mechanisms linked to RATs
💡 Final Thoughts
The reappearance of remote access trojans like Horus Eyes highlights how old malware techniques are continually repackaged with modern features. For defenders, layered detection, strong endpoint monitoring, and continuous education remain the most effective strategies to counter these threats.