May 30, 2026
C2 Hosts: 16
Ghost RAT
Also known as: Farfli, Gh0st RAT, PCRat
According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.
Below is a list of Gh0st RAT capabilities.
Take full control of the remote screen on the infected bot.
Provide real time as well as offline keystroke logging.
Provide live feed of webcam, microphone of infected host.
Download remote binaries on the infected remote host.
Take control of remote shutdown and reboot of host.
Disable infected computer remote pointer and keyboard input.
Enter into shell of remote infected host with full control.
Provide a list of all the active processes.
Clear all existing SSDT of all existing hooks.
Linked Threat Actors
EMISSARY PANDAHurricane PandaLazarus GroupLeviathanRed MenshenStone Panda
C2 Infrastructure
Hosting/VPS 89%
Business 5%
ISP/Residential 5%
Last 7 days
May 29, 2026
C2 Hosts: 27
May 28, 2026
C2 Hosts: 6
May 26, 2026
C2 Hosts: 2
May 24, 2026
C2 Hosts: 5
May 23, 2026
C2 Hosts: 1
| Date | C2 Hosts |
|---|---|
| May 30, 2026 | 16 |
| May 29, 2026 | 27 |
| May 28, 2026 | 6 |
| May 26, 2026 | 2 |
| May 24, 2026 | 5 |
| May 23, 2026 | 1 |
Further Reading
Water Pamola Attacked Online Shops Via Malicious Orders
Since 2019, we have been tracking a threat campaign we dubbed as “Water Pamola.” The campaign initially compromised e-commerce online shops in Japan, Australia, and European countries via spam emai...
trendmicro.com
Tropic Trooper Targets Transportation and Government Organizations
trendmicro.com
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
trendmicro.com
Analysis of top non-HTTP/S threats | Zscaler Blog
In this article, Zscaler security research team dissect the custom protocols used in some of the most prevalent RATs seen in recent campaigns. Read more.
zscaler.com