Gh0stcringe

Malware updated 5 months ago (2024-06-11T09:17:40.694Z)
Gh0stCringe is a variant of Gh0st RAT, a notorious malware that has been used in numerous cyber attacks. This malicious software is designed to exploit and damage computers or devices by infiltrating the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Gh0stCringe can steal personal information, disrupt operations, or even hold data hostage for ransom.

It's worth noting that Gh0stCringe is based on the source code of Gh0st RAT and employs a custom algorithm using a combination of XOR and other instructions, similar to another malware variant known as Noodle RAT. The threat actor attempted to execute Gh0stCringe from the ESET folder, indicating a more targeted attack strategy.

In addition to Gh0stCringe, the attacker also installed several other pieces of malicious software. These include Cobalt Strike and Quasar RAT, both of which are remote access tools that allow the attacker to control the infected machine remotely. Also installed was HDoor, a backdoor previously used by Chinese groups like Naikon and Goblin Panda, further expanding the attacker's control over the compromised systems. Among the other malware installed by the threat actor is a multi-functional implant called Winnti. Winnti is capable of granting remote control to an infected machine, adding another layer of control for the attacker.

The use of these various types of malware, including Gh0stCringe, indicates a sophisticated and multifaceted attack strategy aimed at gaining extensive control over the infected systems, stealing sensitive information, and potentially causing significant operational disruption.
Description last updated: 2024-06-11T09:16:22.230Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias description (votes: 4): gh0st RAT is a possible alias for Gh0stcringe. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation Diplo
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
RAT
Encryption
Source Document References
Information about the Gh0stcringe Malware was read from the documents corpus below.