ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://79.137.202.179/04/Low3sql/2UploadsDownloadsbase/Voiddbprotonvoiddb/8Temp/9To/privateAuthBetter/Proton/0base/dleEternalRequest/default40downloads/ProcessorBigloadcentral.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-26 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	949926
IOC:	http://79.137.202.179/04/Low3sql/2UploadsDownloadsbase/Voiddbprotonvoiddb/8Temp/9To/privateAuthBetter/Proton/0base/dleEternalRequest/default40downloads/ProcessorBigloadcentral.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	DCRat
Malware alias:	DarkCrystal RAT
Confidence Level :	Confidence level is high (100%)
ASN:	AS210644 AEZA-AS
Country:	RU
First seen:	2022-10-26 08:55:31 UTC
Last seen:	never
UUID:	f209c2f2-550b-11ed-a76d-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	dcrat

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-10-26 22:55:15	d871b8598ab8159a1fece0c224aa3747994e88b70ac29696b55c1123a1fd8269
2022-10-26 18:25:25	1b3e3d5928c895b67e6e5c0fd52f42c3c88cccb79ee6fc4e8f667fe52f4048e7
2022-10-26 14:25:26	f1d40c753045905eb4de629feb351fc9238cccb58c9d8e37245c700534328455
2022-10-26 10:55:35	652a5b7cdef7b7b4c5ac3b5e89828b10acd7bf510e5daee0350cedde20fe74cd
2022-10-26 10:35:36	0c9db43519eb6d69a1f50ed8726474d51f0d1958273d23bfe5e278b0e11e7153
2022-10-26 09:30:34	983091c09d5253d70d6416d5bc6cc7f246cd90a7f92f7d0846e03331783d56a7
2022-10-26 09:05:38	27a6f9ce83db466417e3f11b70bf629a20f937afb9646932d873239f899277eb
2022-10-26 09:00:37	47790448e8da506566f217e97b9986a5dc646f87e5b1e0bc248cf3cb9b17409d