Remote Access Trojan
Gh0st RAT
First seen: 2008-01 • Status: active
Currently Active Threat
Gh0st RAT is an old Chinese hacking tool whose code is publicly available. Many groups have modified and used it.
Overview
Gh0st RAT is an open-source Chinese RAT that has been used in countless campaigns. Its source code is widely available and modified.
Also Known As
Ghost RAT
How It Spreads
- • Phishing
- • Drive-by downloads
- • Watering holes
What It Does
- • Remote access
- • Keylogging
- • Screen capture
- • File theft
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for Gh0st RAT signatures
- • Watch for known C2 patterns
MITRE ATT&CK Techniques
T1056, T1113, T1005
If You're Infected
- 1.
Remove with antivirus
- 2.
Reset all credentials
Related Malware
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required