# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: BeamWinHTTP, ElectrumDoSMiner

# Reference: https://twitter.com/P3pperP0tts/status/1122089616360734720
# Reference: https://app.any.run/tasks/1d382767-1032-41bd-9a0c-4c3f31c44646
# Reference: https://blog.malwarebytes.com/cybercrime/2019/04/electrum-ddos-botnet-reaches-152000-infected-hosts/
# Reference: https://www.virustotal.com/gui/ip-address/178.159.37.113/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.214.135.174/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.63.143.226/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.147.169.179/relations

btcore.ddns.net
t-trade.net

http://178.159.37.113
http://188.214.135.174
http://194.63.143.226  
http://217.147.169.179

# Generic trails

/serviceaddresses.php
/pingtransaction.php
/pingsub.php
