Gh0st.Rat.Botnet
Description
This indicates that a system might be infected by the Gh0st Rat Botnet.
Gh0st Rat is a Windows malware that can remotely control a computer to log key strokes, take screenshots, execute arbitrary commands, download and install additional malware.
Please note: this signature sometimes gets triggered by botnet scanning traffics from Shodan scanners. Please check the source IP to verify if it's an actual infection on the network.
Affected Products
Any unprotected Windows system is vulnerable.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
If required, the signature's action can be set to "Block".
Use Anti-Virus software to scan and clean the system.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |