THL GHOST Cryptojacker Kit Hysteria v2 QUIC Backdoor Egress — Known Operator Ports - Suricata Rule 1900017 (hunters-ledger)

THL GHOST Cryptojacker Kit Hysteria v2 QUIC Backdoor Egress — Known Operator Ports

SID: 1900017Rev: 1Enabled2 views

Filehunters-ledger.rules

CreatedJune 25, 2026

UpdatedJune 25, 2026

Classificationtrojan-activity

alert udp $HOME_NET any -> any 14433:14444 (msg:"THL GHOST Cryptojacker Kit Hysteria v2 QUIC Backdoor Egress — Known Operator Ports"; threshold:type threshold, track by_src, count 5, seconds 60; classtype:trojan-activity; reference:url,the-hunters-ledger.com/hunting-detections/ghost-cryptojacker-vova75rus-77.110.96.200-detections/; metadata:affected_product Linux, attack_target Server, deployment Perimeter, performance_impact Low, signature_severity Critical, tag Backdoor, tag GHOST_kit, tag Hysteria_v2; sid:1900017; rev:1;)

References

url	the-hunters-ledger.com/hunting-detections/ghost-cryptojacker-vova75rus-77.110.96.200-detections/

Metadata

affected productLinux

attack targetServer

deploymentPerimeter

performance impactLow

signature severityCritical

tagHysteria_v2

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!