Computer SkillsBitcoinHow to Mine Bitcoin on a MacEnvato Market has a range of items for sale to help get you started.Simple Python Script to Monitor the SEC Website for Bitcoin ETF (self.BitcoinMarkets)submitted by Long-term HolderHere's a simple script that I thought I'd share with you guys with all the hype around monitoring for ETF updates./coinables/python-bitcoin-etf /watch?v=FvCrxNQYj5o A VERY SIMPLE python script(15 lines of code) that checks the SEC website (https://www.sec.gov/rules/sro/batsbzx.htm) for updates on the Bitcoin ETF.Tired of pressing "F5" all day waiting for an update from the SEC before March 11th 2017?This simple script will automate that process for you and tell whether or not there has been an update on the Bitcoin ETF.Step 1: Downloand and install Python.(Version2 not 3) Step 2: Open up Python IDLE.Step 3: Go to File-> New File./coinables/python-bitcoin-etf/blob/master/etf.py into the new file you just created.Step 5: Save Step 6: Go to Run-> Run Module or Press F5 to run Updates every 90 seconds, you can change the update interval on line 5. π Rendered by PID 11437 on app-162 at 2017-06-24 10:52:40.767915+00:00 running 3522178 country code: SG.

In less than a decade, Bitcoin has gone from concept to niche cryptocurrency, and recently it has made significant inroads into the mainstream.Whether it ultimately endures or fails, Bitcoin's history is unfolding before our eyes.As the price of a solitary Bitcoin skyrocketed from less than $200 to more than $1,000 in late 2013, a spectrum of retailers have tried to capitalize on the buzz by accepting Bitcoin as payments.But from its anonymous creator "Satoshi Nakamoto" to its complex "mining" process to its connection to cybercrime, Bitcoin can be a lot to digest for those who are new to the concept.See also: Bitcoin: How the Internet Created Its Own Currency Rob Lons, 28, counted himself among those newbies when he first learned of Bitcoin in early 2013, but he quickly became "captivated by the concept" and wanted to learn more.Lons said he felt there was no central hub that told the story of Bitcoin as a narrative, so he decided to create one for himself.In a few months time, he pulled more than 150 entries into an interactive timeline, telling the history of Bitcoin.

"I wanted to know more about the early days of Bitcoin," Lons told Mashable."After seeing the lack of information on the [Bitcoin Wiki] and how little concentrated information there was on the history of Bitcoin, I felt it would be an important endeavor."Lons has further integrated himself into the Bitcoin world as the co-founder of BitcoinWebHosting.net, a company that sells Internet services to Bitcoin companies.As someone who's both interested and invested in the currency, Lons said he feels it's important for people to be able to get an accurate characterization of it.alex jones bitcoin crash(Much of the attention Bitcoin gets is because of its connection to illicit activity, most notably the online drug marketplace, Silk Road.)bitcoin cours annéeThe timeline Lons created is embedded below, and it's also viewable at his History of Bitcoin website.bitcoin ledger hardware

Scroll through the cryptocurrency's milestones from its mysterious origins to the Genesis Block to where we are today.BONUS: What Are Bitcoins and How Do They Work?In November 2015 the security outfit InfoArmor published a report about a remote access trojan creation/signing service - GovRAT - being sold in the underground "TheRealDeal" forum.The ad was still up at time of writing, as shown below.Apologies for the color scheme - not one I would have chosen.mining litecoin video cardThe report contained malware hashes, but we were unable to find any of these in any of our sources.gta bitcoin minerHowever, it mentioned specific traffic patterns and the name of a code signing certificate used - "Open Source Developer, SINGH ADITYA".mining litecoin rewardWe found a sample matching this description in our certificate database with the SHA-256 hash 358e170f91da4eed7498aae705578941e0028936ac2ca741389f4ed081251080.

This sample had at the time of writing fairly low detection on VirusTotal.This executable is built with Visual Studio 2010 and packed using UPX, but is otherwise not obfuscated.When run, the trojan installs itself into an unobstrusive location - typically to %APPDATA%\Roaming\Microsoft\Internet Explorer\reader_sl.exe.Persistence is achieved by placing a *.LNK file pointing to the executable in the user's startup folder.All key parameters are hardcoded into the malware itself, such as the installation location, file names, and command & control server address.Based on the indicators from the initial file, we were able to find a number of other files that were related.Most of these were indeed digitally signed.Other certificates we found used with GovRAT samples were (Subject, Issuer, Serial): These samples are of slightly different generations - some include encrypted strings, others do not.The earliest sample we could find has a compile date of July 1, 2014; someone submitted it to VirusTotal the same day.

The latest sample we have is timestamped Sept 29, 2015.As mentioned in the InfoArmor report, all samples check for the hard drive volume serial number as means of sandbox evasion.The July 2014 sample, for example, compares the volume serial number of the hard drive against a list of 10 serial numbers known to be used by publicly-available or commercial sandbox tools.The most recent sample checks for 11, which means only one new serial number was added in a little more than a year.This is not very impressive as evasion maintenances go.If the malware detects one of the known serial numbers in use, it quits immediately.This use of a simple blacklist is fairly rudimentary, and the fact it’s hardcoded means that anyone who can modify the serial number(s) used in virtual hard drives can evade this evasion technique.GovRAT does check its own Authenticode signature through a call to the Windows API WinverifyTrust: The API is called with the pgActionID GUID parameter {00AAC56B-CD44-11d0-8CC2-00C04FC295EE} - also known as WINTRUST_ACTION_GENERIC_VERIFY_V2.

With these inputdata this API returns the Authenticode verification status of the file object requested, in this case, the malware file itself.This status is communicated back to the bot operator as a character code in the initial C&C checkin.Whatever evasion methods contained in these backdoors, they run fine in the BlueCoat Malware Analyzer application, and are behaviorally noisy enough to identify with ease.The ad for GovRAT says that it uses “secret Windows APIs to communicate”.By that, the author refers to the Background Intelligent Transfer Service, also known as BITS.BITS is a service present on any Windows OS from Windows 2000 and upwards.It facilitates resource effective file transfers between machines, and is typically used by Windows Update.However, it also exposes a COM API which non-Windows processes can make use of.By using BITS, one does not have to bother with the details of managing a TCP connection or creating HTTP headers, as all that is handled by the service.GovRAT uses just this for networking, and this is the reason why GovRAT traffic (as mentioned in the InfoArmor report) contains the UserAgent string “Microsoft BITS/7.5”.

This may vary depending on which BITS version the malware has access to, however.BITS is also a protocol which is normally assumed to be legitimate and allowed through firewalls, and it supports SSL out of the box – all these are features touted by the GovRAT  author.The use of BITS for malicious purposes is however neither secret nor new.It’s been used by various malware since at least 2007.One interesting aspect of the GovRAT use of BITS is that it deliberately cancels BITS transfer jobs where the job description starts with “bpcd” which is not already in transfer.It is our assumption that these canceled jobs are related to a backup service, but maybe the you peope in the online community knows more about this?The rationale for this action is not evident – it is something more reminiscent of ransomware activity than surveillance – but perhaps the author simply thought to remove some of the blocking jobs and competition for the bandwith.At the initial connect to C&C, the sample posts username, Windows version, whether the user is Administrator (denoted by an “!”

character), whether the executable has a valid Authenticode signature (denoted by an "~" character), and disk volume serial to the remote host.The volume serial is later used as part of the encryption scheme for sending commands to the client.GovRAT also defines BITS callbacks to monitor the transfer status of its jobs.Commands supported by GovRAT include: Given that GovRAT is being sold as a kit on the Dark Web, we expected to find multiple command and control infrastructures in place.This turned out not to be the case.The C2 servers we found followed similar domain name patterns, resided on the same IP ranges and shared the same dubious history.The following C&C domains were found in the known GovRAT samples: In addition, the infrastructure overlaps closely with previously known criminal activity revolving around DDOS and malicious Bitcoin mining.Several toolsets have been observed either downloaded from these machines or calling back to these machines, such as: Linux/Tsunami, a DDOS bot Linux/BitcoinMiner Linux/Mayhem bots IRC-controlled DDOS bots based on Perl2Exe .

This masquerades as a DynDNS domain, but appears not to be.Overview of the GovRAT infrastructure and related connections We do not know with certainty that the same person(s) behind GovRAT are behind the other criminal activity emanating from this infrastructure.However, it is a fair assumption that they are affiliated somehow, or at least know each other.Blue Coat maintains a database of signed executables, which enable us to go back in time and find files signed with bad certificates.By mining for the certificates mentioned above, we were able to dig up a lot of new GovRAT samples, but that was not all we found.Many different malware campaigns showed up.Some of these were unknown to us, and some were really unexpected.It is our assumption that these apparently unconnected clusters of malware share this connection simply because the underground certificate vendors resell the certificates over and over.They surely turn a nice profit by doing this, but they are also obliterating the operational security of their customers.

We are not complaining, though their customers might want to ask for a refund.Here are a few examples: Open Source Developer, Marc Chapon: This certificate was used on at least three GovRAT samples and four Bandook trojan samples.It was also apparently sold to the customer coming up next... Open Source Developer, Muhammad Lee This certificate was used on at least two GovRAT samples and on at least ten samples of a different malware family.This other family was packed with VMprotect, and needed some manual unpacking.Imagine my surprise when my emulator showed this result: That’s right.These ten samples all belong to HackingTeam’s infamous “government malware” – Remote Control System, alias RCS.HackingTeam were themselves hacked mid-2015, and a lot of internal company information leaked into the public domain.The GovRAT samples were signed and cryptographically timestamped as far back as July 2014 (Muhammad Lee) and Jan-Feb 2015 (Marc Chapon), so the signing keys were apparently not appropriated as part of the HackingTeam data leak.

Indeed, the leaked emails themselves reveal that HackingTeam late 2014 became aware of the Marc Chapon certificate being used on a Bandook sample.They were upset; especially since the certificate had not been used by them at all, but was a “backup”.Most of the RCS samples do however appear to be part of the leaked HackingTeam dataset.A zip file named asset_test.zip containing many of these samples was submitted to VirusTotal only a couple of days after the breach.Also, RCS samples are usually tagged with a special “watermark” which uniquely identify customer license; and these samples all contained apparent internal HackingTeam test or development watermarks – DEVEL, HT-HISTORY and HT-MINOTAURO.The Muhammad Lee certificate itself can be found mentioned in the leaked HackingTeam email spool, along with a number of other certificates – including the one mentioned above - Open Source Developer, Marc Chapon.Other certificates mentioned in the leaked data were: The first two of these were applied on a few samples, and most of those seem to have been internal test/development cases.

The last certificate – meicun ge – has already been mentioned to in a blog post by CitizenLab, and has been used on a large number of executables (we have 166 RCS samples with this signature).Although marketed as an APT tool, the GovRAT malware itself is not really very advanced.Its capabilities are limited, the design is monolithic, and all important parameters are hardcoded in the binary.There are a number of programming errors, and some rookie mistakes – such as including source code filenames in the trojan executable.And, contrary to what the name would suggest, apart from information from the original InfoArmor article we have not seen any indication that GovRAT has been used by governments; but there are connections to pre-existing DDOS and Bitcoin mining infrastructure.There are some interesting aspects to GovRAT, such as relying exclusively on the BITS protocol for communication with its C&C server.As we have seen before with other protocols like WebDAV, this illustrates that you cannot give any protocol a free pass without scrutiny.