
Network Communication With Crypto Mining Pool

Sigma Rules

Summary
This detection rule identifies and alerts on unauthorized network connections to known cryptocurrency mining pools. Such connections may indicate that a compromised system is being used for crypto mining without the owner's consent, which can lead to resource exhaustion and violates corporate IT policy. The rule focuses on destination hostnames commonly associated with popular cryptocurrency mining services, covering both generic and coin-specific pool addresses. By flagging any attempt to connect to these pools, the rule gives security teams a starting point for investigation and helps mitigate the risk of unwanted crypto mining inside their network. Given the rising prevalence of crypto mining malware, this rule serves as one layer in a comprehensive security posture; organizations should treat a match as a possible breach or misuse of internal resources and respond promptly.
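The following Python snippet is an added illustration of the matching logic the summary describes, not the Sigma rule itself or code from the Sigma project. It assumes the rule compares the `DestinationHostname` field of Windows network-connection events (Sysmon Event ID 3 style records) against a list of pool hostnames by suffix. The pool hostnames, the event records and the `detect_mining_pool_connections` helper are constructed placeholders; a real deployment would carry the rule's own hostname list.

```python
from typing import Dict, Iterable, List, Optional

# Constructed placeholder list (not the rule's real hostnames). A real rule
# carries both generic pool front doors and coin-specific endpoints.
MINING_POOL_HOSTNAMES = {
    "pool.example-miningpool.invalid",     # generic pool address
    "xmr.example-miningpool.invalid",      # coin-specific pool endpoint
    "stratum.example-pool2.invalid",
}


def normalize_hostname(host: str) -> str:
    """Lowercase, drop a trailing dot and any ':port' suffix so that log
    variations such as 'POOL.EXAMPLE.INVALID.' or 'host:3333' still match."""
    host = host.strip().lower().rstrip(".")
    if ":" in host and not host.startswith("["):  # leave bracketed IPv6 literals alone
        host = host.split(":", 1)[0]
    return host


def matches_pool(host: str, pools: Iterable[str] = MINING_POOL_HOSTNAMES) -> Optional[str]:
    """Return the matching pool entry if host equals it or is a subdomain of it.

    Matching is done on a dot boundary: a plain endswith() check would let
    'notpool.example-miningpool.invalid' match 'pool.example-miningpool.invalid'.
    """
    h = normalize_hostname(host)
    for pool in pools:
        p = normalize_hostname(pool)
        if h == p or h.endswith("." + p):
            return p
    return None


def detect_mining_pool_connections(events: Iterable[Dict]) -> List[Dict]:
    """Run the rule over network-connection events and return one alert per hit.

    Only events carrying a DestinationHostname are considered; process-creation
    events (no hostname field) are skipped rather than treated as misses.
    """
    alerts = []
    for ev in events:
        host = ev.get("DestinationHostname")
        if not host:
            continue
        pool = matches_pool(host)
        if pool is not None:
            alerts.append({
                "image": ev.get("Image", "<unknown>"),
                "host": normalize_hostname(host),
                "port": ev.get("DestinationPort"),
                "pool": pool,
            })
    return alerts


# Constructed sample events in the shape of Sysmon network/process records.
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "DestinationHostname": "xmr.example-miningpool.invalid", "DestinationPort": 3333},
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\tools\worker.exe",
     "DestinationHostname": "EU1.STRATUM.EXAMPLE-POOL2.INVALID.", "DestinationPort": 4444},
    {"EventID": 1, "Image": r"C:\tools\worker.exe",
     "CommandLine": "worker.exe --config c.json"},            # no hostname: skipped
    {"EventID": 3, "Image": r"C:\tools\other.exe",
     "DestinationHostname": "notpool.example-miningpool.invalid", "DestinationPort": 80},
]

if __name__ == "__main__":
    for alert in detect_mining_pool_connections(SAMPLE_EVENTS):
        print(f"ALERT: {alert['image']} -> {alert['host']}:{alert['port']} (pool {alert['pool']})")
```

Hostname matching of this kind only fires when the connecting process resolved a name; a miner configured with a raw IP, or one resolving over an encrypted DNS channel the sensor does not see, produces no `DestinationHostname` hit. Pairing the rule with DNS query logging and with process-level telemetry (unexpected binaries in user-writable paths connecting outbound on stratum-style ports) covers those gaps.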
Categories
  • Network
  • Endpoint
  • Windows
Data Sources
  • Process
  • Network Traffic
Created: 2021-10-26