ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://sempersim.su/gf20/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	549302
IOC:	http://sempersim.su/gf20/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
First seen:	2022-05-10 08:26:33 UTC
Last seen:	never
UUID:	e6b2302e-d03a-11ec-ae87-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-05-10 18:21:16	c737bfd872527544c14ec50c589d0ff5bc26f8d643bc4441d190efe872a5b05f
2022-05-10 11:31:46	5a5057b3be1ee547ce5183f0266f926b1d7ac523bbe7b97e869a4c700ca2123a
2022-05-10 09:01:39	23fad248d82e34506daaa185bf00863e33774247c563a7ba49d9cfb11110cca9
2022-05-10 08:26:36	8a90cf95e2db3a3724a1cdf0709f57c5c2e38539f9512eebd8d39efdb264fb3a