ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://poolkar.icu/.

Database Entry


IOC ID: 1806047
IOC: https://poolkar.icu/
IOC Type: url
Threat Type: payload_delivery
Malware: HijackLoader
Malware alias: DOILoader, GHOSTPULSE, IDAT Loader, SHADOWLADDER
Confidence Level: Confidence level is high (100%)
Is compromised?: True
ASN: AS13335 CLOUDFLARENET
Country: US
First seen: 2026-05-04 17:28:51 UTC
Last seen: never
UUID: 7a2ec0af-47d3-11f1-8759-42010aa4000a
Reporter: Anonymous
Reward: 5 credits from ThreatFox
Tags: Ghostulse HijackLoader IDAT Loader
Reference: https://tria.ge/260504-tejjasbs5j/behavioral13

Anonymous
HijackLoader (IDAT Loader) variant utilizing DLL side-loading. Observed mismatch in codesign digest. C2 communication established with poolkar.icu for payload delivery/exfiltration. Related to recent campaign delivering infostealers.