A cryptocurrency-mining botnet called “Prometei” has been discovered. The threat demonstrates several techniques, including Disabling Security Tools, Remote File Copy, Obfuscated Files or Information, PowerShell, Service Execution, Masquerading and Connection Proxy. Cisco Talos recently discovered this complex campaign, which employs a multi-modular botnet with multiple ways to spread and a payload focused on providing financial benefits for the attacker by mining the Monero online currency. The actor employs various methods to spread across the network, such as SMB with stolen credentials, PsExec, WMI and SMB exploits. The adversary also uses several crafted tools that help the botnet increase the number of systems participating in its Monero-mining pool.