ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://188.120.254.194/ProviderpipeLow.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	846028
IOC:	http://188.120.254.194/ProviderpipeLow.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
ASN:	AS29182 RU-JSCIOT
Country:	RU
First seen:	2022-08-29 01:56:29 UTC
Last seen:	never
UUID:	cc7b3c13-273d-11ed-ae73-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-08-29 23:15:08	6def08187a2c092fc1f544405bbbb5c87aa87f3ca9246f7eef0e50b205b72a2a
2022-08-29 09:56:34	bcc844cb5efeae16a975a32b57e0fc4a937c744fbdc233899be5bc7a373f37bf
2022-08-29 04:06:15	faedbbd712380764b434dfa60680dd74cea1d1f16aa80b59670faad88524dc46
2022-08-29 01:56:31	0eec8be07d385c5cb6770de043c33750b5cc068b39c623d268b724c88e30df53