Xmrig Driver Loaded

This analytic identifies installation of the XMRig coinminer driver on a system. By default, the XMRig driver is named WinRing0x64.sys. This CPU miner is an open source project that adversaries commonly abuse to infect systems and mine bitcoin.


Xmrig Driver Loaded Help

To successfully implement this search, you need to be ingesting logs from your endpoints that include the loaded driver and its Signature. If you are using Sysmon, you must have at least version 6.0.4 of the Sysmon TA.
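The matching logic described above, sketched over Sysmon driver-load records as an added example (not the analytic's own search). It assumes Sysmon Event ID 6 with its `ImageLoaded`, `Signature`, `Signed` and `UtcTime` fields; the hosts, paths and signer values are constructed.

```python
import ntpath
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DRIVER_NAME = "winring0x64.sys"  # default XMRig driver name given on this page

def _event(host, utc, image, signature, signed, event_id=6):
    """Build one constructed Sysmon-style event record as XML text."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
        f"<Computer>{host}</Computer></System><EventData>"
        f'<Data Name="UtcTime">{utc}</Data>'
        f'<Data Name="ImageLoaded">{image}</Data>'
        f'<Data Name="Signed">{signed}</Data>'
        f'<Data Name="Signature">{signature}</Data>'
        "</EventData></Event>"
    )

# Constructed sample events (hosts, paths and signer values are made up).
SAMPLE_EVENTS = [
    _event("ws-01.example.test", "2024-01-05 10:00:01.000", r"C:\Windows\System32\drivers\tcpip.sys", "Microsoft Windows", "true"),
    _event("ws-02.example.test", "2024-01-05 10:02:17.000", r"C:\Users\Public\WinRing0x64.sys", "Example Signer", "true"),
    _event("ws-02.example.test", "2024-01-05 11:40:09.000", r"C:\Users\Public\WINRING0X64.SYS", "Example Signer", "true"),
    _event("ws-03.example.test", "2024-01-05 12:00:00.000", r"C:\Temp\WinRing0x64.sys", "", "false", event_id=7),  # not a driver load
]

def find_xmrig_driver_loads(events):
    """Return {(host, path, signature): {"count", "first", "last"}} for matching driver loads."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for raw in events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "6":
            continue  # Sysmon Event ID 6 = driver loaded
        data = {d.get("Name"): d.text or "" for d in root.findall("e:EventData/e:Data", NS)}
        image = data.get("ImageLoaded", "")
        if ntpath.basename(image).lower() != DRIVER_NAME:
            continue  # compare the file name only, case-insensitively
        host = root.findtext("e:System/e:Computer", namespaces=NS)
        row = hits[(host, image.lower(), data.get("Signature", ""))]
        row["count"] += 1
        utc = data.get("UtcTime", "")
        row["first"] = utc if row["first"] is None else min(row["first"], utc)
        row["last"] = utc if row["last"] is None else max(row["last"], utc)
    return dict(hits)

if __name__ == "__main__":
    for key, row in find_xmrig_driver_loads(SAMPLE_EVENTS).items():
        print(key, row)
```

Because the match is on the default file name, a renamed driver will not be caught by this check alone.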


