ThreatFox IOC Database

You are viewing the ThreatFox database entry for the URL http://94.156.177.41/simple/five/fre.php.

Database Entry


IOC ID: 1346202
IOC: http://94.156.177.41/simple/five/fre.php
IOC Type: url
Threat Type: botnet_cc
Malware: Loki Password Stealer (PWS)
Malware alias: Burkina, Loki, LokiBot, LokiPWS
Confidence Level: Confidence level is elevated (75%)
ASN: AS214943 RAILNET
Country: US
First seen: 2024-11-20 06:55:10 UTC
Last seen: 2025-06-27 08:45:43 UTC
UUID: 62777708-a70c-11ef-91ae-42010aa4000a
Reporter: abuse_ch
Reward: 5 credits from ThreatFox
Tags: LokiBot
Reference: https://bazaar.abuse.ch/sample/f942a3046520f7838e33a1116faf8b9a6615756f044551651207f53b755a024d/

abuse_ch
lokibot (aka Burkina,Loki,LokiBot,LokiPWS) botnet C2

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)      SHA256 hash
2024-11-20 07:15:15   89bf888148eae2caabdc6d3fff98054127b197b402493581894a3104ed6b6f1c
2024-11-20 07:10:11   a786cb2ae0dc8117e3bfc07bca8bb0e5d4545ab8f5b4aa042c9ee85dca7b43a0