ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


203

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'692'449

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2022-10-27 21:482d2219ec82eef8522273f5944f693bed989e8c1adef15b680a5abe183a9ea59b ASPXSpy Virus_Deck
2022-09-12 03:32f543d95c9bf56d23342eacf1837e9e09dca11910ba17076f187bf83d2e26059c ASPXSpy Virus_Deck
2022-09-12 03:325cce5f7d9fb1af3ace0712d7d37ffb8c5af2f4150037373c7a683b50085f6a86 ASPXSpy Virus_Deck