Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated.
➡️ Read here for more info

ThreatFox Database

Indicators of Compromise (IOCs) on ThreatFox are associated with a certain malware fas. A malware sample can be associated with only one malware family. The page below gives you an overview on indicators of compromise associated with win.hijackloader.

You can also get this data through the ThreatFox API.

Database Entry


Malware: HijackLoader
Malware alias:DOILoader, GHOSTPULSE, IDAT Loader, SHADOWLADDER
First seen:2023-10-18 12:48:53 UTC
Last seen:2025-10-21 23:48:15 UTC
Number of IOCs:60
Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.hijackloader

Indicators Of Compromise


The table below shows all indicators of compromise (IOCs) that are associated with this particulare malware family (max 1000).

Date (UTC)IOCMalwareTagsReporter