A sophisticated multi-staged cryptojacking malware campaign that targets internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits. Zealot allows its creators to hijack CPU power of compromised systems to mine Monero, a cryptocurrency designed for privacy and anonymity.

By leveraging the NSA attributed exploits, EternalBlue and EternalSynergy, Zealot can move laterally through a compromised network without the need for user interaction.

Key Features

Exploits Windows and Linux servers vulnerable to:

CVE-2017-5638: Apache Struts Jakarta Multipart Parser attack

CVE-2017-9822: DotNetNuke (DNN) content management system vulnerability

EternalBlue and EternalSynergy exploits

PowerShell agent for Windows

Python agent for Linux/OS X

Uses the EmpireProject post-exploitation framework

Mines Monero

Products sold by OpenVault are for entertainment and educational purposes only. Customer’s are purchasing a physical copy of digital artwork (Software box).