ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://45.144.52.152/PhpjsupdateBaseAsyncWp.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-01-20 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1410692
IOC:	http://45.144.52.152/PhpjsupdateBaseAsyncWp.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
Is compromised? :	False
First seen:	2025-02-12 16:10:08 UTC
Last seen:	never
UUID:	d455f55a-e95b-11ef-a83f-42010aa4000a
Reporter	abuse_ch
Reward	50 credits from Folz
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2025-02-13 04:05:12	5df96b8c73fb4888dfff0aa7614d24b7eb4d89fad8497cc078948f9778475b84
2025-02-12 23:45:11	d81e96dfb9f8bbf51b1b7a50f981dbd297d5de0516cf45eab0bd301b244a863c
2025-02-12 16:10:11	ed5f1d6b9cd6b16d5a26c5138d8dce24ec8336ffdc3fd0a0bc49588887611da0