HOMETHREATSGhost RAT
APT / THREAT GROUP

Ghost RAT

5
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.

Below is a list of Gh0st RAT capabilities.

Take full control of the remote screen on the infected bot.

Provide real time as well as offline keystroke logging.

Provide live feed of webcam, microphone of infected host.

Download remote binaries on the infected remote host.

Take control of remote shutdown and reboot of host.

Disable infected computer remote pointer and keyboard input.

Enter into shell of remote infected host with full control.

Provide a list of all the active processes.

Clear all existing SSDT of all existing hooks.

Threat Analysis

Ghost RAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases5

Also Known As

Farfliwin.ghost_ratPCRatGh0st RATGhost RAT

External Intelligence

Malpedia: win.ghost_rat

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Ghost RAT — APT / Threat Group | Threat Intelligence | CTIWATCH.COM