Gh0stcringe

Malware updated 5 months ago (2024-06-11T09:17:40.694Z)

Download STIX

Preview STIX

Gh0stCringe is a variant of Gh0st RAT, a notorious malware that has been used in numerous cyber attacks. This malicious software is designed to exploit and damage computers or devices by infiltrating the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Gh0stCringe can steal personal information, disrupt operations, or even hold data hostage for ransom. It's worth noting that Gh0stCringe is based on the source code of Gh0st RAT and employs a custom algorithm using a combination of XOR and other instructions, similar to another malware variant known as Noodle RAT. The threat actor attempted to execute Gh0stCringe from the ESET folder, indicating a more targeted attack strategy. In addition to Gh0stCringe, the attacker also installed several other pieces of malicious software. These include Cobalt Strike and Quasar RAT, both of which are remote access tools that allow the attacker to control the infected machine remotely. Also installed was HDoor, a backdoor previously used by Chinese groups like Naikon and Goblin Panda, further expanding the attacker's control over the compromised systems. Among the other malware installed by the threat actor is a multi-functional implant called Winnti. Winnti is capable of granting remote control to an infected machine, adding another layer of control for the attacker. The use of these various types of malware, including Gh0stCringe, indicates a sophisticated and multifaceted attack strategy aimed at gaining extensive control over the infected systems, stealing sensitive information, and potentially causing significant operational disruption.

Description last updated: 2024-06-11T09:16:22.230Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
gh0st RAT is a possible alias for Gh0stcringe. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation Diplo	4

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Rat

Encryption

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Gh0stcringe Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	5 months ago	Chinese Hackers Leveraging 'Noodle RAT' Backdoor
Trend Micro	5 months ago	Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups
CERT-EU	a year ago	New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
Unit42	a year ago	Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus