While crypto-mining botnets aren’t new they are expanding capabilities and objectives such as Prometei. It is important to take this threat seriously because more destructive malware could be loaded after the crypto-mining operation is complete. This is a modular botnet with development and evolution leading researchers to believe it to be authored and backed by a more sophisticated dev/threat group. As a point of emphasis, this botnet is cross-platform adjusting its payload and delivery methods to the platform it finds itself infecting. Incident response stops the damage after the fact, however when those teams are supplemented with proper threat research and proactive threat hunting, it reduces the time to detection and minimizes the risk of harm from the malware. With proper attention, researchers and hunters craft detections that are able to cut the attackers off in the early stages of infection before further compromise and manipulation of data occurs. Binary Defense provides Threat Hunting services, working closely with Counterintelligence to supplement Security Operations Center monitoring.

https://securityaffairs.co/wordpress/117229/malware/prometei-botnet-is-targeting-proxylogon-microsoft-exchange-flaws.html