ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://194.85.248.167/imt/fre.php.

Database Entry


IOC ID: 254355
IOC: http://194.85.248.167/imt/fre.php
IOC Type: url
Threat Type: botnet_cc
Malware: Loki Password Stealer (PWS)
Malware alias: Burkina, Loki, LokiBot, LokiPWS
Confidence Level: Confidence level is high (100%)
First seen: 2021-11-25 09:31:41 UTC
Last seen: never
UUID: 7f2a559d-4dd2-11ec-8ab6-42010aa4000a
Reporter: @abuse_ch
Reward: 5 credits from ThreatFox
Tags: Loki

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)    SHA256 hash    Bazaar
2021-11-26 08:40:13 a7a44db54cb13ee6e9767b9cc1a6525b5cecc5fa532a510c7cca2c8114d7de16
2021-11-26 08:25:11 ff265d82a5185b0c0d4bb6cfd6b13859553faf45bf72d479860ddbc885ba683f
2021-11-25 09:31:44 6f1c6ac7f9bd59d24fd94fea64cf264d52d75773b3647b5d0848fa52c7f1390e