ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://188.120.244.159/Request1/0/universalDefaulthttp/PublicbaseLinuxdefault/Request9Multi6/ApigeotempProtect/GeneratorLineServer/lineCentralTo0/Voiddb0Request8/7centralPrivate/Process1/ServerDbdatalifedownloads.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	844894
IOC:	http://188.120.244.159/Request1/0/universalDefaulthttp/PublicbaseLinuxdefault/Request9Multi6/ApigeotempProtect/GeneratorLineServer/lineCentralTo0/Voiddb0Request8/7centralPrivate/Process1/ServerDbdatalifedownloads.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
ASN:	AS29182 RU-JSCIOT
Country:	RU
First seen:	2022-08-23 12:30:48 UTC
Last seen:	never
UUID:	6ad116ea-22df-11ed-ae73-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-08-24 08:20:20	7174bbabe08acc4aaad3041ea46950cde0fec7e5be5ee0447bc0127b8aa15fff
2022-08-23 23:10:52	c1b3fc9f529906c1a1a57cd1a247b025ddf2338e779c710088a3de6422d66a4b
2022-08-23 15:10:48	865fe4d03d929a3ee744ba654560052f46badf486ad2ce4c07f1b17f04feb75e
2022-08-23 13:55:45	96ccff8178b0e8ad7e1733783b7a328d6f1f00149feed2a773179d8a71bcd92f
2022-08-23 13:30:58	6f8fd988235a284f5f237e5898e9b2ceb72dc5a019a165f13cecfce1d1f1b747
2022-08-23 12:30:50	a8b3fe033f50f690d169c42bfeada5d70b11806ef13b3bd0b35c642ddf563a2f