THL GHOST Cryptojacker Kit DNS Query to Mining Pool Domains

SID: 3500021
Rev: 1
Status: Enabled
File: hunters-ledger.rules
Created: July 5, 2026
Updated: July 5, 2026
Classification: policy-violation
alert dns $HOME_NET any -> any any (msg:"THL GHOST Cryptojacker Kit DNS Query to Mining Pool Domains"; dns.query; content:".kryptex.network"; endswith; nocase; threshold:type threshold, track by_src, count 3, seconds 60; classtype:policy-violation; reference:url,the-hunters-ledger.com/hunting-detections/ghost-cryptojacker-vova75rus-77.110.96.200-detections/; metadata:affected_product Linux, attack_target Server, deployment Perimeter, performance_impact Low, signature_severity High, tag Cryptojacking, tag GHOST_kit; sid:3500021; rev:1;)

Metadata

affected product: Linux
attack target: Server
deployment: Perimeter
performance impact: Low
signature severity: High
tag: GHOST_kit
