Derp.ca

Gh0st RAT

Also known as: Farfli, Gh0st RAT, PCRat

According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.

Below is a list of Gh0st RAT capabilities.

Take full control of the remote screen on the infected bot.

Provide real time as well as offline keystroke logging.

Provide live feed of webcam, microphone of infected host.

Download remote binaries on the infected remote host.

Take control of remote shutdown and reboot of host.

Disable infected computer remote pointer and keyboard input.

Enter into shell of remote infected host with full control.

Provide a list of all the active processes.

Clear all existing SSDT of all existing hooks.

Linked Threat Actors

EMISSARY PANDAHurricane PandaLazarus GroupLeviathanRed MenshenStone Panda

C2 Infrastructure

Hosting/VPS95%
ISP/Residential5%

Last 7 days

Apr 14, 2026
C2 Hosts: 21
Apr 13, 2026
C2 Hosts: 25
Apr 12, 2026
C2 Hosts: 22
Apr 11, 2026
C2 Hosts: 21
Apr 10, 2026
C2 Hosts: 18
Apr 9, 2026
C2 Hosts: 20
Apr 8, 2026
C2 Hosts: 21

Further Reading

Water Pamola Attacked Online Shops Via Malicious Orders

Since 2019, we have been tracking a threat campaign we dubbed as “Water Pamola.” The campaign initially compromised e-commerce online shops in Japan, Australia, and European countries via spam emai...

trendmicro.com
Tropic Trooper Targets Transportation and Government Organizations
trendmicro.com
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
trendmicro.com
Analysis of top non-HTTP/S threats | Zscaler Blog

In this article, Zscaler security research team dissect the custom protocols used in some of the most prevalent RATs seen in recent campaigns. Read more.

zscaler.com