ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://cu09209.tw1.ru/f492a693.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-10 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1381812
IOC:	http://cu09209.tw1.ru/f492a693.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
ASN:	AS9123 TimeWeb-AS
Country:	RU
First seen:	2025-01-11 15:40:06 UTC
Last seen:	never
UUID:	552e8aad-d032-11ef-893f-42010aa4000a
Reporter	abuse_ch
Reward	50 credits from Folz
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2025-01-12 14:55:09	0a0eebfca8553e921339c90b0060ceb6adcbc5f747696b1abecd376f50283911
2025-01-12 07:45:18	75e9a0ab3a75f42cdae23e971e2f34f447aeed1bc9b0adf11d47cd2dc04a0835
2025-01-11 17:35:10	74b7f7ab11694433db9e6f10265127cb9ab239983f0442d6aea1a475713018e3
2025-01-11 17:25:09	f62010b7a1b10bb8cc3bcdfa7e4c96e4acc5e792d670916e0fd7372288a28510
2025-01-11 15:40:08	f08bab568e1877365870d1d321bb77c1e6e36f5f91b29e73c7c33d13a01c31d1