Use Cases September 19, 2016

Malicious Protocols: Gh0st Rat

Gh0st RAT is a popular example of a Remote Access Trojan used by attackers to control infected endpoints, originally attributed to threat actor groups in China. Gh0st RAT and its variants are still some of the most widely used RAT tools in existence due to their effectiveness. Once installed, Gh0st allows an attacker to take full control of the infected endpoint, log keystrokes, provide live webcam and microphone feeds, download and upload files, and other powerful features. Another feature of Gh0St RAT is the ability to obfuscate the client-server communication using a proprietary network protocol. This is wrapped up with a number of intuitive graphical user interfaces to make malicious remote control simple.