ThreatFox

ThreatFox is a platform from abuse.ch and Spamhaus dedicated to sharing indicators of compromise (IOCs) associated with malware, with the infosec community, AV vendors and cyber threat intelligence providers. Upload IOCs and explore the database for valuable intelligence. Use the APIs to seamlessly push and pull signals, and automate bulk queries.

With this intelligence, gain insights into malware behavior, to help identify, track, and mitigate against malware and botnet-related cyber threats.

ThreatFox database »

ThreatFox data

Browse IOCs

Gain valuable insights, find the most recently added IOCs and identify current emerging threats

Access database »

Share IOCs

Help to make the internet safer by sharing IOCs with the community

Share IOCs »

YARAify API

Automate file scanning by leveraging the extensive YARAify API

Access API »

Spamhaus datasets enhanced by ThreatFox

Access Spamhaus’ datasets, enriched with malware samples from ThreatFox.

Data for threat hunting

Context-rich metadata relating to IP, domain and malware signals.

Access dataset »

Perimeter protection

Border Gateway Protocol feeds to stop compromised devices communicating with active botnet C2 servers.

Access dataset »

Network protection

A range of response policy zones (RPZs) protecting against malicious threats at DNS level.

Access dataset »