
Gh0st – RAT Malware

June 1, 2023
Name: Gh0st
Additional Names: 7hero, Adobe, B1X6Z, BEiLa, BeiJi, ByShe, FKJP3, FLYNN
Type of Malware: RAT
Location – Country of Origin: Gh0st Remote Administration Tool was created by a Chinese hacking group named C. Rufus Security Team.
Date of Initial Activity: 2011
Associated Groups: Axiom, Threat Group-3390, APT41, Leviathan, Higaisa, TA459, PittyTiger, Andariel, APT18
Motivation: Surveillance and espionage; intellectual property theft against healthcare and technology companies. However, since Gh0st RAT’s source code is publicly available, it remains plausible that any threat actor could download and modify the code for their own needs.
Attack Vectors: Phishing campaigns
Targeted System: Windows, macOS

Overview

Gh0st is a RAT used to control infected endpoints. Gh0st is dropped by other malware to create a backdoor that enables an attacker to fully control the infected device.

Targets

Governments, embassies, economic targets, and media.

Tools / Techniques Used

Gh0st RAT can:

  • Take full control of the remote screen on the infected bot.
  • Provide real-time as well as offline keystroke logging.
  • Provide a live feed from the webcam and microphone of the infected host.
  • Download remote binaries onto the infected host.
  • Remotely shut down and reboot the host.
  • Disable pointer and keyboard input on the infected remote computer.
  • Open a shell on the infected remote host with full control.
  • Provide a list of all the active processes.
  • Clear all existing hooks from the SSDT (System Service Descriptor Table).

Impact / Significant Attacks

Significant attacks include Operation Dust Storm. One such breach was the operation known as “GhostNet” in 2009, a large-scale cyber-attack that used Gh0st RAT to conduct surveillance and espionage. The breach impacted the Dalai Lama’s Tibetan exile centers in multiple countries.

Indicators of Compromise (IoCs)

MD5 Hashes

77bd9926a4b41c14259e20c1f90e22aa
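
A single file hash misses recompiled variants, so a network-side check is a useful complement; the following is an added example, not part of the original page or of any vendor's tooling. It assumes, from public analyses of the Gh0st protocol rather than from this page, that each packet opens with a 13-byte header (5-byte magic, little-endian total length, little-endian uncompressed length) followed by a zlib body, and that the five-character names under Additional Names are variant magics; `build_sample`, `check_payload` and the sample bytes are constructed for illustration.

```python
import zlib
import struct
from typing import Optional

# Original name plus the five-character names from the "Additional Names" row.
# Treating them as packet magics is an assumption drawn from public analyses.
MAGICS = {b"Gh0st", b"7hero", b"Adobe", b"B1X6Z", b"BEiLa",
          b"BeiJi", b"ByShe", b"FKJP3", b"FLYNN"}
HDR_LEN = 13          # 5-byte magic + two little-endian uint32 fields
MAX_RAW = 1 << 20     # cap on declared uncompressed size (decompression-bomb guard)


def build_sample(magic: bytes, body: bytes) -> bytes:
    """Constructed packet in the assumed layout, used only to exercise the detector."""
    comp = zlib.compress(body)
    return magic + struct.pack("<II", HDR_LEN + len(comp), len(body)) + comp


def check_payload(data: bytes) -> Optional[dict]:
    """Return header details if `data` starts with a coherent Gh0st-style packet.

    Expects a reassembled TCP payload holding at least one whole packet.
    """
    if len(data) < HDR_LEN or data[:5] not in MAGICS:
        return None
    total_len, raw_len = struct.unpack_from("<II", data, 5)
    # A bare magic match is weak evidence ("Adobe" is common in benign data),
    # so the two length fields and the zlib body must also agree.
    if not (HDR_LEN < total_len <= len(data)) or raw_len > MAX_RAW:
        return None
    try:
        # Bounded decompression: never inflate more than the header declares.
        body = zlib.decompressobj().decompress(data[HDR_LEN:total_len], raw_len + 1)
    except zlib.error:
        return None
    if len(body) != raw_len:
        return None
    return {"magic": data[:5].decode("ascii"),
            "packet_len": total_len, "raw_len": raw_len}
```

A hit from `check_payload` is a lead for triage rather than a verdict, since the assumed header layout can be changed by anyone modifying the public source.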
