ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.

88

IOCs shared (past 24 hours)

Cobalt Strike

Most seen malware family (past 24 hours)

1'299'983

IOCs in corpus

Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

ioc:ms-debug-services.com ( run)
malware:CobaltStrike ( run)
tag:TA505 ( run)
threat_type:cc_skimming ( run)
uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)	IOC	Malware	Tags	Reporter
2024-11-21 06:07	45.77.64.151:80	Cobalt Strike	CobaltStrike cs-watermark-391144938	abuse_ch
2024-11-21 06:07	110.40.36.87:1234	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:07	123.57.69.200:1234	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-21 06:07	212.115.54.214:8080	Cobalt Strike	CobaltStrike cs-watermark-100000	abuse_ch
2024-11-21 06:07	8.210.234.49:80	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:07	129.204.86.107:80	Cobalt Strike	CobaltStrike cs-watermark-305419896	abuse_ch
2024-11-21 06:07	47.108.137.47:80	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:07	117.18.3.53:4444	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:06	47.95.17.42:443	Cobalt Strike	CobaltStrike cs-watermark-666666	abuse_ch
2024-11-21 06:06	198.98.49.132:443	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-21 06:05	154.211.13.143:80	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:05	116.204.21.94:80	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-21 06:05	47.108.60.233:80	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:05	47.108.60.233:8090	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:05	43.131.246.114:8000	Cobalt Strike	CobaltStrike	abuse_ch
2024-11-21 06:05	43.139.248.193:8443	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-21 06:05	150.158.10.232:80	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:05	43.142.166.217:80	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-21 06:05	117.72.14.90:89	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-21 06:04	116.204.21.94:443	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-21 06:04	https://89c9bebf541c17a229d921556d14a4ffd4.com/MWZjODg0YjhhMWVi/	Coper		agesipolis1
2024-11-21 06:04	18.246.231.120:80	Loki Password Stealer (PWS)	infostealer LokiBot stealer	SarlackLab
2024-11-21 06:04	remcosnov24.duckdns.org	Remcos	c2 duckdns remcos	DaveLikesMalwre
2024-11-21 06:04	https://bsfchile.com/work/das.php	FAKEUPDATES	SmartApeSG	HuntYethHounds
2024-11-21 06:04	https://bsfchile.com/work/original.js	FAKEUPDATES	SmartApeSG	HuntYethHounds
2024-11-21 06:04	https://bsfchile.com/work/fix.php	FAKEUPDATES	SmartApeSG	HuntYethHounds
2024-11-21 06:04	http://38.180.147.18:80/palofd	Spectre Rat	PA palo alto Spectre	stopransom
2024-11-21 06:04	http://67.207.85.215:8888/supershell/login/	Unknown malware	AS14061 DigitalOcean LLC Supershell	antiphishorg
2024-11-21 06:04	67.207.85.215:8888	Unknown malware	AS14061 DigitalOcean LLC Supershell	antiphishorg
2024-11-20 20:47	103.54.153.76:56001	AsyncRAT	asyncrat	NDA0E
2024-11-20 20:21	www.aviationchartersolutions.com	AsyncRAT	asyncrat Donut DonutInjector DonutLoader	NDA0E
2024-11-20 20:21	aviationchartersolutions.com	AsyncRAT	asyncrat Donut DonutInjector DonutLoader	NDA0E
2024-11-20 15:41	https://nyciot.com/js.php	FAKEUPDATES	Kongtuke	monitorsg
2024-11-20 15:41	nyciot.com	FAKEUPDATES	Kongtuke	monitorsg
2024-11-20 15:41	https://nyciot.com/je5vl.js	FAKEUPDATES	Kongtuke	monitorsg
2024-11-20 15:41	segurofinalizar.shop	FAKEUPDATES	SmartApeSG	monitorsg
2024-11-20 15:41	https://segurofinalizar.shop/work/fix2.php	FAKEUPDATES	SmartApeSG	monitorsg
2024-11-20 15:41	https://segurofinalizar.shop/work/xxx.zip	FAKEUPDATES	SmartApeSG	monitorsg
2024-11-20 15:41	https://segurofinalizar.shop/work/index.php	FAKEUPDATES	SmartApeSG	monitorsg
2024-11-20 15:41	https://segurofinalizar.shop/work/original.js	FAKEUPDATES	SmartApeSG	monitorsg
2024-11-20 15:41	https://jaipurraj.com/work/original.js	FAKEUPDATES	SmartApeSG	HuntYethHounds
2024-11-20 15:41	https://jaipurraj.com/work/das.php	FAKEUPDATES	SmartApeSG	HuntYethHounds
2024-11-20 15:41	https://jaipurraj.com/work/fix.php	FAKEUPDATES	SmartApeSG	HuntYethHounds
2024-11-20 15:41	http://94.156.177.41/simple/five/PvqDq929BSx_A_D_M1n_a.php	LokiBot	AS214943 LokiBot Railnet LLC	antiphishorg
2024-11-20 15:40	192.129.178.61:9001	DCRat	c2 dcrat	juroots
2024-11-20 15:40	45.158.14.11:8089	Hook	c2 HookBot	juroots
2024-11-20 15:40	185.251.91.157:443	FAKEUPDATES	SocGholish	threatcat_ch
2024-11-20 15:40	http://31.177.109.184/8331a12a495c21b2.php	Stealc	Stealc	abuse_ch
2024-11-20 15:31	106.75.33.253:8081	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:31	139.180.190.205:8088	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-20 15:31	113.45.142.235:8888	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:31	16.162.220.217:443	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-20 15:31	129.204.11.57:443	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:31	47.108.72.55:83	Cobalt Strike	CobaltStrike cs-watermark-391144938	abuse_ch
2024-11-20 15:31	8.152.216.26:443	Cobalt Strike	CobaltStrike cs-watermark-426352781	abuse_ch
2024-11-20 15:31	45.140.168.166:8080	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:30	202.95.12.137:443	Cobalt Strike	CobaltStrike cs-watermark-391144938	abuse_ch
2024-11-20 15:30	110.40.138.5:4545	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	8.156.64.248:1234	Cobalt Strike	CobaltStrike cs-watermark-391144938	abuse_ch
2024-11-20 15:29	152.32.206.5:9999	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	81.70.19.128:443	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2024-11-20 15:29	118.195.137.190:80	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	120.27.215.186:8443	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	60.204.138.63:801	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	162.14.73.44:8090	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	108.61.181.191:8090	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	118.195.137.190:443	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	106.55.134.168:443	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	124.222.164.43:80	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 15:29	124.222.164.43:5555	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2024-11-20 12:53	87.121.86.8:5055	STRRAT	STRRAT	NDA0E
2024-11-20 12:53	badmiles.ddns.net	STRRAT	STRRAT	NDA0E
2024-11-20 12:40	http://101.133.156.69:7001/fwlink	Cobalt Strike	CobaltStrike	abuse_ch
2024-11-20 10:34	http://179.60.149.194:8080/vxhxrqnb	DarkGate	AS395839 c2 DarkGate drk2 HOSTKEY-USA payload	DonPasci
2024-11-20 10:34	http://91.243.50.68:8080/rdullfph	DarkGate	AS34665 c2 DarkGate jma755 payload PINDC-AS	DonPasci
2024-11-20 10:34	http://91.243.50.68:8080/eqvukhda	DarkGate	AS34665 c2 DarkGate jma755 payload PINDC-AS	DonPasci
2024-11-20 10:17	91.243.50.68:80	DarkGate	AS34665 c2 DarkGate jma755 PINDC-AS	DonPasci
2024-11-20 10:10	164.132.5.124:1111	DarkGate	AS16276 c2 DarkGate Derry OVH	DonPasci
2024-11-20 10:08	reateberam.com	Latrodectus		Cryptolaemus1
2024-11-20 10:02	179.60.149.194:8080	DarkGate	AS395839 c2 DarkGate drk2 HOSTKEY-USA payload	DonPasci
2024-11-20 10:02	179.60.149.194:80	DarkGate	AS395839 c2 DarkGate drk2 HOSTKEY-USA	DonPasci
2024-11-20 09:52	https://bestmarsgood.com/test/	Latrodectus		Cryptolaemus1
2024-11-20 09:52	https://cerwintifed.com/test/	Latrodectus		Cryptolaemus1
2024-11-20 06:55	http://94.156.177.41/simple/five/fre.php	Loki Password Stealer (PWS)	LokiBot	abuse_ch