ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://cp48625.tmweb.ru/providervideopythonProtectuploads.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	384297
IOC:	http://cp48625.tmweb.ru/providervideopythonProtectuploads.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
First seen:	2022-02-08 21:51:09 UTC
Last seen:	never
UUID:	39d55543-8929-11ec-a022-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-02-09 03:25:48	493a2547e41f5c448e3638a63a91a3b07950202fb912d187688223eb4081483f
2022-02-09 00:41:01	641cf14a52fed4e87be9a147786faecb80f37540a311f3f4808122770d495ff0
2022-02-08 21:51:12	98ffc728af21719a098acb136f751ffe3c0933d4a23bb75061b051e8e48999fe