ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://domynuts.ga/accounts/fre.php.

Database Entry


IOC ID: 254312
IOC: http://domynuts.ga/accounts/fre.php
IOC Type: url
Threat Type: botnet_cc
Malware: Loki Password Stealer (PWS)
Malware alias: Burkina, Loki, LokiBot, LokiPWS
Confidence Level: Confidence level is elevated (75%)
First seen: 2021-11-25 06:40:53 UTC
Last seen: never
UUID: a334fdb8-4dba-11ec-8ab6-42010aa4000a
Reporter: @abuse_ch
Reward: 5 credits from ThreatFox
Tags: LokiBot
Reference: https://bazaar.abuse.ch/sample/949d911ef54a1c977e3c7084d6dbf22c87e9757f6a850afa7f73c5dd32b174ef/

Twitter
@abuse_ch
lokibot (aka Burkina,Loki,LokiBot,LokiPWS) botnet C2

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)    SHA256 hash                                                      Bazaar
2021-11-30 06:31:11 99876ba3443f83eb1570141b55c44a1be4685d10fd329dc15f5439bfdb4c5419
2021-11-30 06:26:38 780d72b9fcb56f2bfa564e631b3a61f0e018620e0dc884535cf5cb22d6c94eea