ThreatFox IOC Database
You are viewing the ThreatFox database entry for url http://sempersim.su/gh13/fre.php.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2025-12-14 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 713240 |
|---|---|
| IOC: | http://sempersim.su/gh13/fre.php |
| IOC Type : | url |
| Threat Type : | botnet_cc |
| Malware: | Loki Password Stealer (PWS) |
| Malware alias: | Burkina, Loki, LokiBot, LokiPWS |
| Confidence Level : | Confidence level is elevated (75%) |
| First seen: | 2022-06-16 06:48:44 UTC |
| Last seen: | never |
| UUID: | 5d9eeb80-ed40-11ec-9c0a-42010aa4000a |
| Reporter |  abuse_ch |
| Reward | 5 credits from ThreatFox |
| Tags: | LokiBot |
| Reference: | https://bazaar.abuse.ch/sample/a404b1549571ffb74812b54e79306b4c694a4d0ebff1df8a461c946852093808/ |
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2022-06-16 07:22:10 | 8bdc8bd0407d4457e3a542e020baeb9c5e5ba5db4bfc6cd2830c72f46830609c |