ThreatFox IOC Database

You are viewing the ThreatFox database entry for the URL http://sempersim.su/gh20/fre.php.

Database Entry


IOC ID: 719817
IOC: http://sempersim.su/gh20/fre.php
IOC Type: url
Threat Type: botnet_cc
Malware: Loki Password Stealer (PWS)
Malware alias: Burkina, Loki, LokiBot, LokiPWS
Confidence Level: Confidence level is elevated (75%)
First seen: 2022-06-22 15:11:59 UTC
Last seen: never
UUID: a98c8d4f-f23d-11ec-a2e7-42010aa4000a
Reporter: abuse_ch
Reward: 5 credits from ThreatFox
Tags: LokiBot
Reference: https://bazaar.abuse.ch/sample/e288dd98c8d055e25b7e18c644413a87fcdf38917a1835a506ac036b2ec82a46/

abuse_ch
lokibot (aka Burkina,Loki,LokiBot,LokiPWS) botnet C2

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)     SHA256 hash
2022-06-23 16:06:24  748eaf926943f0130b633506282d02f29da4d42d2172b3afce65246633994326
2022-06-23 08:44:19  9896eb8d45fe829a6b491f9aabbd03b35b71aefb9645dc85578cb6365fe2ecff
2022-06-23 00:38:46  f0dfa57c34ed5491fb7d8cfa7958174454e663effd17b9d5c0e981105bbea9cb