ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://sempersim.su/ge17/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-24 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	447328
IOC:	http://sempersim.su/ge17/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
First seen:	2022-03-24 18:57:34 UTC
Last seen:	2022-07-04 12:15:18 UTC
UUID:	43c0c077-aba4-11ec-8c1d-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-03-25 09:26:05	d431520f84593ca8e978b232a556221fb0e9b539dd1d5490383fda9ef8185c48
2022-03-24 21:56:20	39247c12089970c5c398132f976bad9c969ef45ce1258229deaf3ce543027713
2022-03-24 20:22:09	0511ccd03a6d649743eea11297d7b3159ecd2c7674eaa3dc7638dddbed462abc
2022-03-24 18:57:36	7c2d8d52d0278bffa26d7df8706c985e14e86ec0a3f79cc965f9e9e2b0fc1937