Unveiling RevC2 and Venom Loader

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

Between August and October 2024, two new malware families, RevC2 and Venom Loader, were deployed using Venom Spider's Malware-as-a-Service tools. RevC2 uses WebSockets for C2 communication and can steal cookies and passwords, proxy network traffic, and enable remote code execution. Venom Loader is customized for each victim, using the computer name to encode the payload. The first campaign used an API documentation lure to deliver RevC2, while the second campaign used a cryptocurrency transaction lure to deliver Venom Loader and Retdoor, a JavaScript backdoor. Both campaigns demonstrate sophisticated attack chains and highlight the evolving threat landscape.

OPENCTI LABELS :

venomlnk,venom loader,terrastealer,revc2


Open in NetmanageIT OpenCTI Public Instance with below link!


NOTE: Use the public read-only username and password shown on the login page banner.


Unveiling RevC2 and Venom Loader