This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

GCTI threat feed name for Cryptomining domain

Posted on 02-14-2025 08:08 AM
Mufa_shah
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

How to find cryptomining bad domain related threat feed names? for  building rules using graph entity in yara L. 

0 3 161
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
ErikaB
Community Manager
Community Manager
Reply posted on --/--/---- --:-- AM

Hi @mmufa 

You might find some helpful examples in the community-contributed YARA-L rules on GitHub. https://github.com/chronicle/detection-rules.  Look for rules that detect cryptomining and examine how they access threat intelligence data. 

0 Likes

Posted on --/--/---- --:-- AM
Mufa_shah
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

@ErikaB Thanks Erica i have gone through this not much helpful need specific  threat feed name related to cryptomining domains

0 Likes

Posted on --/--/---- --:-- AM
DanDye
Staff
Reply posted on --/--/---- --:-- AM

@Mufa_shah navigate to IoC Collections:
https://www.virustotal.com/gui/threat-landscape/ioc-collections
...and then search for "cryptomining"

Top Solution Authors
View all