Gh0strat

Malware Profile Updated 13 days ago
Gh0stRAT is a Remote Access Trojan (RAT) that was first observed in 2008. Over the years, its publicly available source code has been modified by various authors and threat actors, resulting in several variants such as Sainbox. For over a decade, Gh0stRAT and related variants have been consistently used in different cybercrime circles.

Recently, Proofpoint researchers have noted a minor resurgence in the use of Sainbox and other Chinese-themed malware, which has sparked interest among analysts assessing the broader impact of older malware. In 2023, Proofpoint observed an increase in the use of Sainbox, a variant of Gh0stRAT, and a handful of Chinese-language campaigns were seen delivering older Gh0stRAT variants. Nearly all of these Sainbox campaigns used invoice-themed lures spoofing Chinese office and invoicing companies. This trend continued into 2024 with the May campaign, dubbed UNK_SweetSpecter, which employed SugarGh0st RAT, a remote access trojan adapted from Gh0stRAT.

The combination of older malware like Sainbox and newly uncovered malware like ValleyRAT may challenge the dominance of the Russian-speaking cybercrime market on the threat landscape. The continued use and evolution of Gh0stRAT variants indicate a persistent threat. It is crucial for organizations to stay vigilant against these threats, particularly as they evolve and adapt to new security measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Chinese
Rat
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Gh0strat Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 8 months ago | Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape | Proofpoint US
CERT-EU | 8 months ago | Threat Roundup for September 22 to September 29
CERT-EU | 8 months ago | A Wave of Chinese Cyberthreat Campaigns Use Old and New Malware
BankInfoSecurity | 12 days ago | Hackers Target US AI Experts With Customized RAT
CERT-EU | 8 months ago | Cyber Security Week in Review: September 22, 2023
CERT-EU | 8 months ago | New Spike in Malware from Chinese Cybercriminals Floods the Threat Landscape – Proofpoint Research – Global Security Mag Online
InfoSecurity-magazine | 13 days ago | SugarGh0st RAT Variant Used in Targeted AI Industry Attacks