ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://ch25498.tw1.ru/9c2cab3e.php.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1561133
IOC: http://ch25498.tw1.ru/9c2cab3e.php
IOC Type :url
Threat Type :botnet_cc
Malware: DCRat
Malware alias:DarkCrystal RAT
Confidence Level : Confidence level is high (100%)
ASN:AS9123 TimeWeb-AS
Country:- RU
First seen:2025-07-27 06:20:10 UTC
Last seen:never
UUID:bfbeb7eb-6ab1-11f0-851c-42010aa4000a
Reporter abuse_ch
Reward 5 credits from ThreatFox
Tags:dcrat RAT

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)SHA256 hashBazaar
2025-07-28 01:50:14 1570eccae560c58ea44678a7c2c22d1465ea8a9877c6009425d737927ed76920
2025-07-27 18:15:35 ba2d4bb1811b715213b5845997a842f503c822a5500852f14a3ecf68aa320fc2
2025-07-27 18:00:20 b97ea2aa74f7242a5c80e11e87484d5e8f293493db33973adce9c1854a734250
2025-07-27 06:25:54 bd6dd0383aadbfe35d3ff072e5cfe720252fe7b269da1c8248a3750040f72d0d