Malware that deploys crypto mining software has become more and more popular and annoying. It’s not always possible to scan every device in your network with our free or commercial compromise assessment scanners.
The good news is that the mining pools for the most popular crypto currency Monero (Symbol: XMR) are limited.
Therefore we’ve decided to compile a list of these mining pools that you can use to monitor your firewall or DNS servers.
For a very generic approach, your could try using the following patterns:
Our customers can use THOR to scan for scripts, executables, DNS cache, process connections, log entries and other elements for traces of crypto mining activity.
Monero Mining Pool Addresses