Techniques
Sample rules
Monero Crypto Coin Mining Pool Lookup
- source: sigma
- techniques:
  - t1496
  - t1567
Description
Detects suspicious DNS queries to Monero mining pools
Detection logic
condition: selection
selection:
    query|contains:
        - pool.minexmr.com
        - fr.minexmr.com
        - de.minexmr.com
        - sg.minexmr.com
        - ca.minexmr.com
        - us-west.minexmr.com
        - pool.supportxmr.com
        - mine.c3pool.com
        - xmr-eu1.nanopool.org
        - xmr-eu2.nanopool.org
        - xmr-us-east1.nanopool.org
        - xmr-us-west1.nanopool.org
        - xmr-asia1.nanopool.org
        - xmr-jp1.nanopool.org
        - xmr-au1.nanopool.org
        - xmr.2miners.com
        - xmr.hashcity.org
        - xmr.f2pool.com
        - xmrpool.eu
        - pool.hashvault.pro