DNS events related to mining pools (ASIM DNS Schema)
Identifies IP addresses that may be performing DNS lookups associated with common currency mining pools. This analytic rule uses ASIM and supports any built-in or custom source that supports the ASIM DNS schema.
MITRE ATT&CK coverage
| Tactic | Techniques |
|---|---|
| Impact | T1496 Resource Hijacking |
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| Sysmon | 22 | DNSEvent (DNS query) |
Stages and Predicates
Stage 1: source
_Im_Dns