win.godrat

GodRAT

Actor(s): APT41


GodRAT shares a common origin with AwesomePuppet RAT and shows code similarities with Gh0st RAT. GodRAT is likely connected with Winnti APT activities.

Old implant codebases, such as Gh0st RAT, which are nearly two decades old, continue to be used today. These are often customized and rebuilt to target a wide range of victims. These old implants are known to have been used by various threat actors for a long time, and the GodRAT discovery demonstrates that legacy codebases like Gh0st RAT can still maintain a long lifespan in the cybersecurity landscape.

References
2025-08-19 | securelist | Saurabh Sharma
GodRAT – New RAT targeting financial institutions
GodRAT

There is no Yara-Signature yet.