ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://becharnise.ir/fb17/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-26 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	6203
IOC:	http://becharnise.ir/fb17/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is elevated (75%)
First seen:	2021-03-31 06:27:06 UTC
Last seen:	never
UUID:	1d8ea16e-91ea-11eb-858b-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	LokiBot
Reference:	https://bazaar.abuse.ch/sample/e3bd1677213895a3d1e15c007670cc0ec4723ed18be3c30cb9acd15d376bf8eb/

abuse_ch

lokibot (aka Loki,LokiPWS,LokiBot) botnet C2

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2021-04-01 06:20:08	7a545a28cacdf3ab2dfa605a626adebad10290b1c6980fbf157eb464dadf2011
2021-03-31 14:21:13	477978eccf7bc14027a7868f679e5a872a73a7980c654ca88c9644a40cb5a70c
2021-03-31 08:36:25	324a4dbff1b19e43b9d92edde3a316e391a8d1e7ed685fb8633984b4f1b5ac6d
2021-03-31 07:04:43	2b092204fefa727fd5a2e73af2c92cf37a6b249147f2f2a6ebe70e7fc04d703e