Resolved vvvhhhccc.com to 192.111.153.98 Server: vvvhhhccc.com Gate file: /8/8/8/be/order.php Alternate domains: virusprotect.su virus-protector.net latinodancewears.com.vn He has a plasma http botnet on the same domain that he is using to mine dogecoins. Gate file: /8/8/plasma/login.php Hosting info: http://whois.domaintools.com/192.111.153.98 Related md5s (Download samples from Malwr.com) Betabot: a58ddb7a7a3b823ff0ddd541f136d9f4 Plasma: 401459ef275cf0639a855a4dff234bf5 Mining info: Stratum+tcp://pool.dogechain.info:3333 -u latinodresses.plasmahttp -p x
illuminati.sx (Plasma http botnet hosted by worldstream.nl)
Resolved illuminati.sx to 109.236.80.74 Server: illuminati.sx Gate file: /http/gate.php This is the first time I have seen the HTTP version of plasma and it sucks hard. It seems to be a slightly upgraded version of the old barracuda HTTP bot, with few of the problems fixed. Hosting info: http://whois.domaintools.com/109.236.80.74 Bitcoin mining info: miner.start http://109.236.80.74/miner/CPUMiner.files *-aRead more...