{
  "family": "gh0st",
  "sample_count": 4,
  "category": "rat",
  "description": "Gh0st is a remote access trojan (RAT) family with 4 samples in EMBER 2018, providing attackers with extensive remote control over infected systems, including keylogging, screen capture, webcam access, and file management. RATs are commonly used in both commodity cybercrime and targeted attacks.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [],
  "enrichment_level": "category-templated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Gh0st malware?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Gh0st is a member of the RAT category in the EMBER 2018 malware corpus. Like other RAT samples, it shares the behaviors typical of that class. Because precise family-specific reporting on Gh0st is limited, this catalog describes it only at the category level rather than fabricating unverified details."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if Gh0st is detected on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Do not attempt manual removal. RAT samples often establish persistence and may be part of a larger compromise. Isolate the affected system from the network and contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response."
      }
    }
  ],
  "faq_count": 2,
  "mitre_attack": [],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}