ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://62.109.1.128/jsPrivate.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-26 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	392759
IOC:	http://62.109.1.128/jsPrivate.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
ASN:	AS29182 RU-JSCIOT
Country:	RU
First seen:	2022-03-06 18:55:41 UTC
Last seen:	never
UUID:	05267b2f-9d7f-11ec-a022-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-03-07 14:56:01	19a39eb46578ae4e1311107c3f1322ec4e051f905400f9001c836647e3070833
2022-03-07 04:55:23	0fb87be6ab8aaffaf1c0099903a36d1c00f8edc5ff893545316907fcef375d67
2022-03-06 18:55:44	0f170d076cdf9d643802f038f9a4c9a28e4c73334ebe05ebf59eca86cb4abd3c