
Summary
This detection rule identifies potential Command and Control (C2) activity that uses the New Kind of Network (NKN), a decentralized networking service built on blockchain technology. NKN itself is a legitimate service, but it has also been used by attackers as a C2 channel, since traffic relayed through its peer-to-peer network is hard to attribute to a single server. The rule monitors DNS queries for NKN seed hosts: query names that contain the keyword 'seed' and end with '.nkn.org'. Such queries are typically made when a client bootstraps into the NKN network, so seeing them from hosts that have no business running NKN software is a strong signal. The rule reads these queries from the Zeek network monitoring platform's DNS logs and flags matching requests as suspicious, possibly indicating unauthorized or malicious use of the NKN infrastructure. Because the pattern is specific to NKN's own domain, the false positive rate is low; the main source of benign hits is a host deliberately running an NKN node or client, so matches should be checked against any known, authorized NKN use before escalation. Organizations that rely on Zeek for network security should treat these alerts as potential C2 over a decentralized network and investigate the source host accordingly.
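The following is an added example, not part of the original rule or of Zeek, showing the detection logic described above applied to constructed Zeek dns.log records. It parses the tab-separated log by its `#fields` header, so the column order is taken from the log itself, and flags any query name that contains 'seed' and ends with '.nkn.org'. The sample log lines, host addresses and UIDs are made up for illustration; case-insensitive matching and stripping of a trailing dot are assumptions made so that the check behaves like a typical case-insensitive contains/endswith rule.

```python
"""Flag DNS queries for NKN seed hosts in Zeek dns.log records.

Added example for the rule summary above; not code from the rule, Zeek or NKN.
"""
from typing import Dict, Iterator, List, Tuple

# Constructed Zeek dns.log excerpt (tab-separated). The #fields line names the
# columns; the sample keeps only the columns this example needs. None of these
# records are real captured traffic.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\ttrans_id\tquery\tqclass_name\tqtype_name\trcode_name",
    "1650537600.100000\tCx1a2b\t10.0.0.5\t51234\t10.0.0.1\t53\tudp\t1001"
    "\tseed.nkn.org\tC_INTERNET\tA\tNOERROR",
    "1650537601.200000\tCx1a2c\t10.0.0.5\t51235\t10.0.0.1\t53\tudp\t1002"
    "\twww.nkn.org\tC_INTERNET\tA\tNOERROR",
    "1650537602.300000\tCx1a2d\t10.0.0.7\t51236\t10.0.0.1\t53\tudp\t1003"
    "\tSEED1.NKN.ORG\tC_INTERNET\tA\tNOERROR",
    "1650537603.400000\tCx1a2e\t10.0.0.9\t51237\t10.0.0.1\t53\tudp\t1004"
    "\tseed.example.org\tC_INTERNET\tA\tNOERROR",
    "1650537604.500000\tCx1a2f\t10.0.0.9\t51238\t10.0.0.1\t53\tudp\t1005"
    "\tnkn.org.seed.evil.test\tC_INTERNET\tA\tNOERROR",
])


def is_nkn_seed_query(query: str) -> bool:
    """Return True when the query name contains 'seed' and ends with '.nkn.org'.

    Matching is case-insensitive and a trailing dot (FQDN form) is ignored;
    both are assumptions about how the rule's contains/endswith checks behave.
    """
    name = query.strip().rstrip(".").lower()
    return name.endswith(".nkn.org") and "seed" in name


def parse_zeek_tsv(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per data record, keyed by the names in the #fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # drop the literal '#fields' token
            continue
        if not line or line.startswith("#"):
            continue  # other header lines (#separator, #path, #close, ...)
        if fields is None:
            raise ValueError("data record seen before #fields header")
        yield dict(zip(fields, line.split("\t")))


def find_nkn_seed_queries(log_text: str) -> List[Tuple[str, str]]:
    """Return (source host, query) pairs for every record matching the rule."""
    hits = []
    for rec in parse_zeek_tsv(log_text):
        if is_nkn_seed_query(rec.get("query", "")):
            hits.append((rec["id.orig_h"], rec["query"]))
    return hits


if __name__ == "__main__":
    for src, query in find_nkn_seed_queries(SAMPLE_DNS_LOG):
        print(f"NKN seed DNS query from {src}: {query}")
```

Only the two queries that really end in the NKN domain are flagged; `seed.example.org` and `nkn.org.seed.evil.test` are not, which is the behaviour a practitioner should confirm before deploying a similar rule, since a bare `contains 'nkn.org'` check would also fire on the last one. Each hit carries the source host so that the analyst can check whether that machine is an authorized NKN node before treating the alert as C2.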
Categories
- Network
- Infrastructure
Data Sources
- Network Traffic
- Application Log
Created: 2022-04-21