HOMETHREATSGhost RAT
MALWARE FAMILY

Ghost RAT

Internal ID: win.ghost_rat
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.

Below is a list of Gh0st RAT capabilities.

Take full control of the remote screen on the infected bot.

Provide real time as well as offline keystroke logging.

Provide live feed of webcam, microphone of infected host.

Download remote binaries on the infected remote host.

Take control of remote shutdown and reboot of host.

Disable infected computer remote pointer and keyboard input.

Enter into shell of remote infected host with full control.

Provide a list of all the active processes.

Clear all existing SSDT of all existing hooks.

Threat Analysis

Ghost RAT is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

External References

Quick Facts

TypeMalware Family
Aliases1

Also Known As

win.ghost_rat

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Ghost RAT — Malware Family | Threat Intelligence | CTIWATCH.COM