ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://sempersim.su/gj9/fre.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-13 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	839805
IOC:	http://sempersim.su/gj9/fre.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Loki Password Stealer (PWS)
Malware alias:	Burkina, Loki, LokiBot, LokiPWS
Confidence Level :	Confidence level is high (100%)
First seen:	2022-07-27 09:45:41 UTC
Last seen:	never
UUID:	e0801e6a-0d90-11ed-8d3f-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	Loki

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-07-28 08:05:11	14bf12f3b3be86a0085bf752a7b0301d47bfe8172b4c3b36804fadeada5886ea
2022-07-28 02:25:25	b29c32eaed48b900408cb17dbf66d4f120229bdd76f9ec66ec2d43fd5ad61c18
2022-07-27 09:45:43	bbfac9effedd00c1ddd7faf08275e9eab6d4ef00e951af8d98369142a3161bdb