A long-running cryptocurrency mining botnet that spreads in a worm-like manner using the same NSA-attributed EternalBlue exploits as the infamous WannaCry ransomware attacks. Instead of encrypting your files, MsraMiner steals CPU resources to mine Monero.


EternalBlue exploit leveraging a vulnerability in Microsoft Windows Server Message Block protocol (CVE-2017-0016)

Drops XMRig to mine Monero

Propagates laterally through a network without user interaction

MsraMiner first launched in May of 2017, progressing through two versions with the latest update seen in March 2018.

Products sold by OpenVault are for entertainment and educational purposes only. Customer’s are purchasing a physical copy of digital artwork (Software box).

Add To Cart