ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://80.87.198.211/456/lowAsyncauth9/WindowsPoll/generatorMariadb/privateAuth/async/_/Pipe8/Dbtraffic.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	518765
IOC:	http://80.87.198.211/456/lowAsyncauth9/WindowsPoll/generatorMariadb/privateAuth/async/_/Pipe8/Dbtraffic.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
ASN:	AS29182 RU-JSCIOT
Country:	RU
First seen:	2022-04-12 06:56:06 UTC
Last seen:	never
UUID:	a0690563-ba2d-11ec-8873-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-04-13 06:05:40	4864186c3e990ae43e9c075faf05a1ca4263ff8abbecbf8714cf40df9f5e8b3c
2022-04-13 05:30:36	1bc375e67617c7dce1ace5ef7a886fc3ee5a64a35493b6accb5619da4411b088
2022-04-12 16:50:49	a25fa75823b12ad0c72c4d4ec76ab7d2764d6b86da330955a155cb3ec47d81a1
2022-04-12 16:15:54	0061019f4b7c75ebcebec039688eee3c12a7a4f057cbc2dafa12d36e1b2761cc
2022-04-12 14:55:50	202879748a5faa4b266e6b2321f475e645c7bfe96dba2a3b2a986c53d5a7e946
2022-04-12 06:56:09	1bd8db988097189cd8deae59d4d954ab78e974342cc5fe1419dc223789b22959