Trick or treat? Unveil the “stratum” of the mining pools

In this presentation we explain how to hunt for malicious cryptomining activity, focusing on detecting collaborative mining that uses the Stratum protocol.

In the world of cryptocurrency-related malware, mining botnets are a growing threat to organizations. It is also not unusual today for banking malware, ransomware, or spyware to embed cryptomining capabilities.

In this presentation we explain how to leverage publicly available sources to hunt for malicious cryptomining activity. We focus on a behavior common to such activity: using collaborative work to mine cryptocurrencies.

All the tools and scripts detailed in this presentation are or will be available in a GitHub repository: https://github.com/kwouffe/


Emilien Le Jamtel, Security Analyst, CERT-EU

Emilien has been a security analyst at CERT-EU for 4 years and is also responsible for the monitoring and hunting activities in CERT-EU.

Ioana-Andrada TODIRICA, IT Service Officer, CERT-EU
