@GelosSnake
Last active September 20, 2022 18:36
Very simple YARA rules to find xmrig crypto-miners
```yara
// Each rule matches the hostname of a Monero mining pool (or, in the last rule,
// the stratum URL scheme) as a plain ASCII substring; any one string is enough.
rule MinerGate
{
    strings:
        $a1 = "minergate.com"
    condition:
        $a1
}

rule MoneroOrg
{
    strings:
        $a1 = "POOL.MONERO.ORG"
        $a2 = "pool.monero.org"
    condition:
        $a1 or $a2
}

rule cryptonotepool
{
    strings:
        $a1 = "cryptonotepool.org.uk"
    condition:
        $a1
}

rule minexmr
{
    strings:
        $a1 = "minexmr.com"
        $a2 = "x.opmoner.com"
    condition:
        $a1 or $a2
}

rule monerocryptopoolfr
{
    strings:
        $a1 = "monero.crypto-pool.fr"
    condition:
        $a1
}

rule monerobackuppoolcom
{
    strings:
        $a1 = "monero.backup-pool.com"
    condition:
        $a1
}

rule monerohashcom
{
    strings:
        $a1 = "monerohash.com"
    condition:
        $a1
}

rule mropooltobe
{
    strings:
        $a1 = "mro.poolto.be"
    condition:
        $a1
}

rule moneroxminingpoolcom
{
    strings:
        $a1 = "monero.xminingpool.com"
    condition:
        $a1
}

rule xmrprohashnet
{
    strings:
        $a1 = "xmr.prohash.net"
    condition:
        $a1
}

rule dwarfpoolcom
{
    strings:
        $a1 = "dwarfpool.com"
    condition:
        $a1
}

rule xmrcryptopoolsorg
{
    strings:
        $a1 = "xmr.crypto-pools.org"
    condition:
        $a1
}

rule moneronet
{
    strings:
        $a1 = "monero.net"
    condition:
        $a1
}

rule hashinvestnet
{
    strings:
        $a1 = "hashinvest.net"
    condition:
        $a1
}

// Generic catch-all: the stratum mining protocol scheme as it appears in
// miner configs and command lines, independent of any particular pool.
rule stratum_tcp_general
{
    strings:
        $a1 = "stratum+tcp"
        $a2 = "stratum+udp"
    condition:
        $a1 or $a2
}
```
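The rules above are pure ASCII substring matches, so it is worth seeing exactly what they hit and what they miss before deploying them. The following is an added example, not code from the gist or its author: it re-implements the gist's indicator strings as plain Python substring checks (no yara-python dependency) and runs them over three constructed samples, one with the pool URL stored as ASCII, one with the same URL stored as UTF-16LE (what YARA's `wide` modifier targets, which the rules as written do not), and one benign document whose hostname merely contains `monero.net` as a substring. The names `RULES`, `scan`, `wide` and `demo`, and the host `docs.monero.network`, are this example's own assumptions.

```python
"""Offline check of the gist's string indicators.

Added example, not part of GelosSnake's gist: the rules above are mirrored as
plain Python substring checks so the matching logic can be exercised against
constructed samples without yara-python. YARA's `wide` modifier is emulated to
show what ASCII-only rules miss.
"""
import json
from typing import Dict, List

# Indicator strings copied verbatim from the gist's rules, keyed by rule name.
# Every rule's condition is "$a1 or $a2 ...", i.e. any single string is enough.
RULES: Dict[str, List[bytes]] = {
    "MinerGate": [b"minergate.com"],
    "MoneroOrg": [b"POOL.MONERO.ORG", b"pool.monero.org"],
    "cryptonotepool": [b"cryptonotepool.org.uk"],
    "minexmr": [b"minexmr.com", b"x.opmoner.com"],
    "monerocryptopoolfr": [b"monero.crypto-pool.fr"],
    "monerobackuppoolcom": [b"monero.backup-pool.com"],
    "monerohashcom": [b"monerohash.com"],
    "mropooltobe": [b"mro.poolto.be"],
    "moneroxminingpoolcom": [b"monero.xminingpool.com"],
    "xmrprohashnet": [b"xmr.prohash.net"],
    "dwarfpoolcom": [b"dwarfpool.com"],
    "xmrcryptopoolsorg": [b"xmr.crypto-pools.org"],
    "moneronet": [b"monero.net"],
    "hashinvestnet": [b"hashinvest.net"],
    "stratum_tcp_general": [b"stratum+tcp", b"stratum+udp"],
}


def wide(s: bytes) -> bytes:
    """UTF-16LE form of an ASCII string: the encoding YARA's `wide` modifier searches for."""
    return s.decode("ascii").encode("utf-16-le")


def scan(data: bytes, match_wide: bool = False) -> Dict[str, List[str]]:
    """Return {rule_name: [matched strings]} for every rule whose condition holds.

    match_wide=False reproduces the gist's rules as written (ASCII only).
    match_wide=True behaves as if every string carried `ascii wide`.
    """
    hits: Dict[str, List[str]] = {}
    for rule, needles in RULES.items():
        matched = [n.decode() for n in needles
                   if n in data or (match_wide and wide(n) in data)]
        if matched:
            hits[rule] = matched
    return hits


# Constructed samples (not real artefacts) covering the three cases that matter.
# 1. An xmrig-style JSON config with the pool URL stored as ASCII.
XMRIG_CONFIG = json.dumps({
    "pools": [{"url": "stratum+tcp://pool.minexmr.com:4444",
               "user": "WALLET_ADDRESS_PLACEHOLDER", "pass": "x"}]
}).encode()

# 2. A fragment of a Windows binary that keeps the same kind of URL as a UTF-16LE string.
WIDE_BINARY_FRAGMENT = b"\x00" * 4 + wide(b"stratum+tcp://xmr.prohash.net:3333") + b"\x00" * 4

# 3. A benign document; "docs.monero.network" is a hypothetical host that happens
#    to contain "monero.net" as a substring.
BENIGN_DOC = b"Release notes: see https://docs.monero.network/ for details"


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Run the three samples through the rules as written and with `wide` emulated."""
    return {
        "xmrig_config_ascii": scan(XMRIG_CONFIG),
        "wide_fragment_as_written": scan(WIDE_BINARY_FRAGMENT),
        "wide_fragment_with_wide": scan(WIDE_BINARY_FRAGMENT, match_wide=True),
        "benign_doc_substring_fp": scan(BENIGN_DOC),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result or 'no match'}")
```

Two practical consequences follow. In real YARA the same gaps are closed by adding modifiers to the strings, e.g. `$a1 = "stratum+tcp" ascii wide`, and `MoneroOrg`'s two case variants could collapse into a single `"pool.monero.org" nocase`. Conversely, very short indicators such as `"monero.net"` are plain substrings and will also fire on any longer hostname that contains them, so expect to triage those hits rather than alert on them directly.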
silascutler commented Sep 13, 2018

```yara
rule miner
{
    strings:
        $a1 = "stratum+tcp"
        $a2 = "stratum+udp"
    condition:
        $a1 or $a2
}
```

@GelosSnake (Author)

good point

@GelosSnake (Author)

updated

@robotfactory

I absolutely love the simplicity of looking for the stratum+tcp and stratum+udp strings. I really think this could catch the majority of miners that aren't heavily obfuscated.

@FabianBorz01

I tried them but they don't work.

@GelosSnake (Author)

Thanks, very constructive and self-explanatory.
