{
	"id": "d642adde-a9a2-4980-8679-5656522ccb39",
	"created_at": "2026-04-06T00:09:37.468921Z",
	"updated_at": "2026-04-10T13:11:45.771229Z",
	"deleted_at": null,
	"sha1_hash": "e9202bae233adb61dec1c852f4669664a666a9b6",
	"title": "What Is The Venom RAT? A Detailed Explanation of this remote access tool | Threat Intelligence | CloudSEK",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 316168,
	"plain_text": "What Is The Venom RAT? A Detailed Explanation of this remote access tool | Threat Intelligence | CloudSEK\r\nArchived: 2026-04-05 19:55:08 UTC\r\nExecutive Summary\r\nCloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a cybercrime forum, advertising VenomRAT.\r\nVenomRAT is a remote access tool discovered by 2020, and it is used by threat actors to control the infected systems remotely.\r\nCategory: Adversary Intelligence\r\nAffected Industries: Multiple\r\nAffected Region: Global\r\nSource*: C2\r\nTLP#: Green\r\nReference\r\n*https://en.wikipedia.org/wiki/Intelligence_source_and_information_reliability\r\n#https://en.wikipedia.org/wiki/Traffic_Light_Protocol\r\nhttps://cloudsek.com/threatintelligence/what-is-the-venom-rat-a-detailed-explanation-of-this-remote-access-tool\r\nPage 1 of 4\n\nVenomRAT - Threat actor’s post on the cybercrime forum\r\nAnalysis and Attribution\r\nInformation from the Post\r\nThe threat actor has listed two versions of the RAT; the second version includes HVNC (Hidden Virtual Network Computing).\r\n1. Features of the RAT include:\r\nConnect with the system remotely.\r\nGet the system information\r\nRemote Shell\r\nTCP Connection\r\nReverse Proxy\r\nRegistry Editor\r\nUAC (User Account Control) Exploit\r\nDisable WD (Windows Defender)\r\nFormat All Drivers\r\nChange client name\r\nEnable install\r\nAnti kill\r\nHide file\r\nHide folder\r\nPersist on the system as startup / persistence\r\nChange registry name\r\nEncrypted connection\r\nEnable keylogger Offline/Online\r\n2. 
VenomRAT with HVNC\r\nHVNC features, in addition to all the features of the Venom RAT:\r\nHVNC Clone Profile\r\nHidden Desktop\r\nHidden Browsers\r\nSupport WebGL\r\nHidden Chrome, Firefox, Edge, Brave\r\nHidden Explorer\r\nHidden Powershell\r\nHidden Startup\r\nReverse Connection\r\nRemote Download + Execute\r\nThis RAT was discovered by 2020, and based on open-source research it is built on top of QuasarRAT, a legitimate open-source remote access tool.\r\nSource Rating\r\nThe threat actor joined in October 2021 and has a deposit of 0.010092 BTC on the forum.\r\nThe main activity of the threat actor is related to advertising VenomRAT.\r\nHence,\r\nThe reliability of the actor can be rated Fairly reliable (C).\r\nThe credibility of the advertisement can be rated Probably true (2).\r\nGiving overall source credibility of C2.\r\n\r\nImpact \u0026 Mitigation\r\nImpact:\r\nThis type of malware gives the attackers the ability to control the victim machine and wreak havoc in the system.\r\nMitigation:\r\nAvoid downloading suspicious documents from unknown sources.\r\nAvoid clicking on suspicious links.\r\nEnable the visibility of file extensions, and keep a vigilant eye on the file extensions.\r\nUpdate the system and all the applications to the latest patches and updates.\r\nEnsure the usage of MFA.\r\nUse up-to-date antivirus and anomaly detection tools.\r\nUse updated EDR solutions that help in monitoring the network.\r\n\r\nSource: https://cloudsek.com/threatintelligence/what-is-the-venom-rat-a-detailed-explanation-of-this-remote-access-tool",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://cloudsek.com/threatintelligence/what-is-the-venom-rat-a-detailed-explanation-of-this-remote-access-tool"
	],
	"report_names": [
		"what-is-the-venom-rat-a-detailed-explanation-of-this-remote-access-tool"
	],
	"threat_actors": [],
	"ts_created_at": 1775434177,
	"ts_updated_at": 1775826705,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e9202bae233adb61dec1c852f4669664a666a9b6.pdf",
		"text": "https://archive.orkl.eu/e9202bae233adb61dec1c852f4669664a666a9b6.txt",
		"img": "https://archive.orkl.eu/e9202bae233adb61dec1c852f4669664a666a9b6.jpg"
	}
}