ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://h162295.srv13.test-hf.su/externalphpLow.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	459541
IOC:	http://h162295.srv13.test-hf.su/externalphpLow.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
ASN:	AS207027 Eximius-AS
Country:	RU
First seen:	2022-03-29 00:52:42 UTC
Last seen:	never
UUID:	8a4061c0-aefa-11ec-8c1d-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-03-29 17:31:14	4fc9a63acc0f70d05e72fa6fa3d4ec578a798b18e539a4e100db0147e0a7dc80
2022-03-29 13:56:53	549ab47d848db8f4a1976397016a58f1c17e348c18a59a573b6e6ec87828bfc4
2022-03-29 08:32:00	444e7c8dd5956905bac2e3ece402db4d722ba63acf21553c5da54d6b3e02b466
2022-03-29 08:02:15	e58ed71b4be6e9dcb4578623b8199c778f03fca1fcca60081c8e9a200f14c34f
2022-03-29 04:17:16	c45624a48a26b4cdf6abfd84c33beb25879092c177c24ab11c97bda175d0331e
2022-03-29 02:12:17	82450ee9bb709d99aff3ed006f9129dc3fc53366fc4a8188c9ec9f4a1e70da38
2022-03-29 00:52:45	05670108cebf88fefd256c49f96012d1d065aab879d47e98bf0bca383b44fb08