Intrusion Prevention

Rhadamanthys.Stealer.Botnet

Description

This indicates that a system might be infected by Rhadamanthys Stealer Botnet.
Rhadamanthys Stealer is an infostealer malware that steals password credentials and cryptocurrency wallets.
All botnet signatures from FortiOS 5.6 onwards are under IPS, and have their default action set to "Block".

Affected Products

Any unprotected Windows system is vulnerable.

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

Recommended Actions

If required, the signature's action can be set to "Block".
Please use Anti-Virus software to scan and clean the infected devices.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2025-04-22	31.994	Modified	Sig Added
2025-03-20	31.974	Modified	Name:Rhadamanthus. Stealer. Botnet:Rhadamanthys. Stealer. Botnet
2023-03-01	23.504	Modified	Sig Added
2023-01-23	22.481	New

ID	52487
Created	Jan 23, 2023
Updated	Apr 22, 2025
Risk
Default Action	drop
Active
Affected OS	Windows
Affected App	Other
Profile Type	Malware

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

Rhadamanthys.Stealer.Botnet

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

Rhadamanthys.Stealer.Botnet

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center