ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.

308

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'435

IOCs in corpus

Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

ioc:ms-debug-services.com ( run)
malware:CobaltStrike ( run)
tag:TA505 ( run)
threat_type:cc_skimming ( run)
uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)	IOC	Malware	Reporter
2025-05-20 02:59	5f2d4b7799d68fede72d04612c9d0791b7c1d49d	Andromeda	Grim
2025-05-20 02:59	bd925297784089ce7ff2b548a6a8eaf1c8207ba05dc3192facbb54128dbaed2c	Andromeda	Grim
2024-09-02 02:09	57ab710f4f52fb571cd0e1e9c2478c38717fe95fcc9f7c5ba2f3a796fc339b62	Andromeda	Grim
2024-09-02 02:09	9e9818f5a14d0ff1b45d75493930695f	Andromeda	Grim
2024-09-02 02:09	f7a7f1d59adb83febc9a75e6ba68003946025923	Andromeda	Grim
2024-01-16 12:34	privatebankinghsbc.blogspot.com	Andromeda	Xev
2024-01-16 12:34	https://privatebankinghsbc.blogspot.com/	Andromeda	Xev
2024-01-16 11:35	https://chaseonlineprivatebanking.blogspot.com/	Andromeda	Xev
2024-01-16 11:35	chaseonlineprivatebanking.blogspot.com	Andromeda	Xev