ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://62.197.136.176/li/five/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-26 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	471248
IOC:	http://62.197.136.176/li/five/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
ASN:	AS6762 SEABONE-NET
Country:	IT
First seen:	2022-03-31 09:16:55 UTC
Last seen:	never
UUID:	4f561eaa-b0d3-11ec-8c1d-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-03-31 17:21:34	6be105f78324c27cb3750b6c0e2fc12bb7aca46e0495bdf29a9e5ee93f649428
2022-03-31 11:36:39	d3d4c5fe2cf18e46af1280b6328880d01e9e8ab9117e0eda3aa5f22b645880eb
2022-03-31 10:21:45	11c0c0cb54260d0f6dba11543096c61c0762ded6958c3cf0a478f24520953396
2022-03-31 09:16:58	2441ed8ca3e299e43eb72b656235a0fc11bb9579f68b1af48cbcab6b7017bf59