DNS lookup for cryptocurrency mining pool
Goal
Attackers often use compromised cloud infrastructure to mine cryptocurrency.
Strategy
Detect when a process performs a DNS lookup for a domain related to cryptomining.
Triage and response
{{@process.executable.name}} performed a DNS lookup for {{@dns.question.name}}
- Contain the host or container and roll back to a known good configuration.
- Review the process tree and determine the initial entry point.
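The matching step in the strategy above, as an added example that is not Datadog's rule logic or domain list. The watchlist domains, the nested event shape, and the function names are assumptions made for illustration; the sample events are constructed.

```python
# Added example: constructed data, not the vendor's rule or domain list.

# Hypothetical watchlist; a real deployment would load curated mining-pool domains.
MINING_POOL_DOMAINS = {"pool.example", "xmr-pool.example.net"}


def normalize(name):
    """Lowercase a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def matches_pool(name, watchlist=MINING_POOL_DOMAINS):
    """Return the watchlist entry that equals `name` or is a parent of it.

    Matching is done on whole labels, so 'notpool.example' does not
    match 'pool.example' the way a substring test would.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def detect(events):
    """Yield a triage message for each event that queried a watched domain."""
    for ev in events:
        question = ev.get("dns", {}).get("question", {}).get("name")
        if not question or matches_pool(question) is None:
            continue
        exe = ev.get("process", {}).get("executable", {}).get("name", "unknown")
        yield f"{exe} performed a DNS lookup for {normalize(question)}"


# Constructed events; nesting mirrors the attribute paths in the rule message (assumed shape).
SAMPLE_EVENTS = [
    {"process": {"executable": {"name": "worker.bin"}},
     "dns": {"question": {"name": "EU.Pool.Example."}}},      # subdomain, mixed case
    {"process": {"executable": {"name": "curl"}},
     "dns": {"question": {"name": "notpool.example"}}},       # substring only
    {"process": {"executable": {"name": "nginx"}},
     "dns": {"question": {"name": "pool.example.cdn.test"}}}, # watched name as prefix
    {"dns": {"question": {"name": "xmr-pool.example.net"}}},  # process context missing
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only the first and last sample events alert; the two look-alike names are rejected because the comparison is on whole DNS labels anchored at the right-hand side.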
Requires Agent version 7.36 or greater