THL GHOST Cryptojacker Kit OWNER Telegram Bot Token in API Request — Supply Chain Indicator - Suricata Rule 1900020 (hunters-ledger)

THL GHOST Cryptojacker Kit OWNER Telegram Bot Token in API Request — Supply Chain Indicator

SID: 1900020Rev: 1Enabled1 views

Filehunters-ledger.rules

CreatedJune 25, 2026

UpdatedJune 25, 2026

Classificationtrojan-activity

alert tls $HOME_NET any -> any any (msg:"THL GHOST Cryptojacker Kit OWNER Telegram Bot Token in API Request — Supply Chain Indicator"; flow:established,to_server; tls.sni; content:"api.telegram.org"; endswith; classtype:trojan-activity; reference:url,the-hunters-ledger.com/hunting-detections/ghost-cryptojacker-vova75rus-77.110.96.200-detections/; metadata:affected_product Linux, attack_target Server, deployment Internal, signature_severity Critical, tag Supply_Chain, tag GHOST_kit, tag Telegram_C2; sid:1900020; rev:1;)

References

url	the-hunters-ledger.com/hunting-detections/ghost-cryptojacker-vova75rus-77.110.96.200-detections/

Metadata

affected productLinux

attack targetServer

deploymentInternal

signature severityCritical

tagTelegram_C2

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!