ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://185.174.136.187/universalUploads/cdnUploads/Poll/LowuniversaltrackWordpress.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-12 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	894979
IOC:	http://185.174.136.187/universalUploads/cdnUploads/Poll/LowuniversaltrackWordpress.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
ASN:	AS216246 RU-AEZA-AS
Country:	RU
First seen:	2022-10-19 08:20:38 UTC
Last seen:	never
UUID:	e9b33ddb-4f86-11ed-9bf4-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-10-19 09:17:34	e16575b60724ec8e60f5737b21fd203c840827824e5381ccd59bba3a73382815
2022-10-19 09:17:31	8f098d3db473a169c44697130f8af8d54d2cef231d17fb384fe5a2b2ccff6715
2022-10-19 08:56:05	b2f68f4bc4b9e4928c1563c0cce8f0551060ea1e301194b1f27689d8fcd62f61
2022-10-19 08:25:46	bcefdf8c2cbc735ff46edae5f02fee6767833f520805ffbbfd36f42bd7eb5218
2022-10-19 08:25:43	4b9389d77338b5614133e85cf8a2d562c9994d9ca29df78631141a4b254d7a09