THL GHOST Cryptojacker Kit Distribution File Download from AEZA Hosting Range

SID: 1900018Rev: 1Enabled2 views
Filehunters-ledger.rules
CreatedJune 25, 2026
UpdatedJune 25, 2026
Classificationtrojan-activity
alert http $HOME_NET any -> 77.110.0.0/16 any (msg:"THL GHOST Cryptojacker Kit Distribution File Download from AEZA Hosting Range"; http.uri; pcre:"/\/(libpam_cache\.so|ghost\.sh|hyst\.sh|min1\.sh|libpam_cache\.c)$/"; classtype:trojan-activity; reference:url,the-hunters-ledger.com/hunting-detections/ghost-cryptojacker-vova75rus-77.110.96.200-detections/; metadata:affected_product Linux, attack_target Server, deployment Perimeter, performance_impact Low, signature_severity Critical, tag Dropper, tag GHOST_kit; sid:1900018; rev:1;)

References

urlthe-hunters-ledger.com/hunting-detections/ghost-cryptojacker-vova75rus-77.110.96.200-detections/

Metadata

affected productLinux
attack targetServer
deploymentPerimeter
performance impactLow
signature severityCritical
tagGHOST_kit

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!