ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpus, you can do so through either the web form or the API.


352 IOCs shared (past 24 hours)

ClearFake: most seen malware family (past 24 hours)

1'683'815 IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database


The search syntax is as follows: keyword:search_term

The following is a list of accepted keywords, each with an example search_term:

  • ioc:ms-debug-services.com
  • malware:CobaltStrike
  • tag:TA505
  • threat_type:cc_skimming
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a

| Date (UTC) | IOC | Malware | Tags | Reporter |
|---|---|---|---|---|
| 2026-04-05 14:54 | https://ftduk.com/n8n/update | Unknown Stealer | Fake Claude | HuntYethHounds |
| 2026-04-05 12:26 | https://ftduk.com/curl/59b62772b3fd5584013342c0d9741befd73af0701ae0409d3cc7c3546680906c | Unknown Stealer | Fake Claude macOS User-Agent Check | HuntYethHounds |
| 2026-04-05 10:49 | https://ftduk.com/cleaner3/update | Unknown Stealer | macOS payload User-Agent Check | HuntYethHounds |
| 2026-04-05 10:49 | https://ftduk.com/curl/34979832a7c24b00a2bf21f5aa53a5025b08c497a9400c403602ac08e434d033 | Unknown Stealer | macOS User-Agent Check | HuntYethHounds |
| 2026-04-05 10:49 | ftduk.com | Unknown Stealer | macOS User-Agent Check | HuntYethHounds |