ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://cp111468.tw1.ru/_Defaultwindows.php.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1804668
IOC: http://cp111468.tw1.ru/_Defaultwindows.php
IOC Type :url
Threat Type :botnet_cc
Malware: DCRat
Malware alias:DarkCrystal RAT
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS9123 TimeWeb-AS
Country:- RU
First seen:2026-05-02 07:15:27 UTC
Last seen:never
UUID:b21fc3bb-45f6-11f1-8759-42010aa4000a
Reporter abuse_ch
Reward 5 credits from ThreatFox
Tags:dcrat RAT

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)SHA256 hashBazaar
2026-05-02 07:30:20 8fa7c3818473d8a904cf5652a4fbd9ba96795a2e82b8f189d870ddb9a172353e
2026-05-02 07:15:30 947bf9d7c04554915b4c68b1152afeff923fcd74ab718e9c63a603fe48a7cd1e