RAT

Gh0st RAT

aka Gh0stRAT · Moudoor (variant)

A classic open-source remote access trojan of Chinese origin, used in countless espionage campaigns since its public release in 2008.

Gh0st RAT is a foundational remote access trojan whose source code was released publicly around 2008. That openness made it a staple of cyber-espionage, most famously the GhostNet operation that compromised embassies and government systems across dozens of countries.

Capabilities

Gh0st provides complete control of a victim machine — remote shell, keylogging, live webcam and microphone capture, and file management — communicating over a recognisable custom "Gh0st" C2 protocol that detection signatures still key on today.

Endurance

Because the source is public, Gh0st spawned countless variants and remains in active use by both criminal and state-aligned operators. Its protocol is a common reverse-engineering exercise on the Reverse Engineering Hub; related campaigns are on Cyber Breaches.

Defense

Inspect traffic for the Gh0st C2 signature, restrict delivery of macro-enabled and exploit-bearing documents, and monitor for unexpected remote-control behaviour.
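
One way to implement the C2-signature check above, as an added example that is not part of the original page. It assumes the commonly documented stock packet layout (5-byte keyword, two little-endian 32-bit length fields, zlib-compressed body), which the page does not spell out, and it goes one step further by flagging the same structure under a changed keyword, since variants often rename it. The names `classify_payload` and `constructed_packet` and all sample bytes are hypothetical and constructed for illustration.

```python
import struct
import zlib

STOCK_MAGIC = b"Gh0st"  # keyword in the publicly released build (assumed layout)
HEADER_LEN = 13         # 5-byte keyword + two little-endian uint32 length fields
MAX_RAW = 1 << 20       # assumed cap on declared size, bounds decompression work


def classify_payload(data: bytes) -> str:
    """Classify the start of a reassembled TCP stream.

    "gh0st"      stock keyword with a self-consistent header
    "gh0st-like" same structure under a different 5-byte keyword
    "no-match"   anything else
    """
    if len(data) < HEADER_LEN + 2:
        return "no-match"
    magic = data[:5]
    total_len, raw_len = struct.unpack_from("<II", data, 5)
    # total_len must cover header plus body and fit in the captured bytes.
    if not HEADER_LEN + 2 <= total_len <= len(data):
        return "no-match"
    if not 0 < raw_len <= MAX_RAW:
        return "no-match"
    body = data[HEADER_LEN:total_len]
    # zlib header: deflate method, and CMF/FLG pair divisible by 31.
    if body[0] & 0x0F != 8 or ((body[0] << 8) | body[1]) % 31:
        return "no-match"
    inflater = zlib.decompressobj()
    try:
        raw = inflater.decompress(body, raw_len + 1)  # bounded output
    except zlib.error:
        return "no-match"
    # The stream must end cleanly and match the declared uncompressed size.
    if not inflater.eof or len(raw) != raw_len:
        return "no-match"
    return "gh0st" if magic == STOCK_MAGIC else "gh0st-like"


def constructed_packet(magic: bytes, raw: bytes) -> bytes:
    """Build a constructed test packet in the assumed layout (dummy body)."""
    body = zlib.compress(raw)
    return magic + struct.pack("<II", HEADER_LEN + len(body), len(raw)) + body


if __name__ == "__main__":
    dummy = b"\x00" * 64  # constructed placeholder bytes, not real RAT data
    print(classify_payload(constructed_packet(b"Gh0st", dummy)))
    print(classify_payload(constructed_packet(b"ABCDE", dummy)))
    print(classify_payload(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"))
```

Checking that the length fields and the zlib stream agree, rather than matching the keyword alone, keeps false positives low and still catches builds where only the keyword was changed.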