ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://sempersim.su/gi17/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-10 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	838952
IOC:	http://sempersim.su/gi17/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
First seen:	2022-07-21 03:30:33 UTC
Last seen:	never
UUID:	7a2b10e0-08a5-11ed-adb6-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-07-21 15:00:22	3b88b119aeb3e3085b6f3d8aabf1d25840a50818e99e23ccbe838a89b2708ba6
2022-07-21 14:05:23	727f97eaa8e6577c2d17c8d9066d23a2d0147791d3af7ed0e714fff32d35d89a
2022-07-21 06:00:38	ec2a93f1858ba7e0de894944d57fb4b2f3021e5574d1b3594bfd8ffe32f7b029
2022-07-21 03:30:34	def88fc364ed03678d528bfd6bc39f19ff1831b098aaf0705fa13063c4044a2a