ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpus, you can do so through either the web form or the API.


  • IOCs shared (past 24 hours): 321
  • Most seen malware family (past 24 hours): ClearFake
  • IOCs in corpus: 1'693'300


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database


The search syntax is as follows: keyword:search_term

The following is a list of accepted keywords, each with an example search_term:

  • ioc:ms-debug-services.com
  • malware:CobaltStrike
  • tag:TA505
  • threat_type:cc_skimming
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a

| Date (UTC) | IOC | Malware | Tags | Reporter |
|---|---|---|---|---|
| 2024-09-24 06:56 | 324d93ead119e4313f6f81696eeaf7f9 | SHARPKNOT | | Grim |
| 2024-09-24 06:56 | 4341e8171f70008e0dc7c6309ea60371cc68e29ad7ee457914f5bf676fd30c3d | SHARPKNOT | | Grim |
| 2024-09-24 06:56 | 42af7724e7c738fbf387f2c6f5fb428c2e0686aa | SHARPKNOT | | Grim |
| 2021-09-09 21:04 | caa7667bfdbcb04ceb9d81df93fe805dfe4ac8a04b9dd3eaab7b5f7c87c4fc9c | Griffon | | Virus_Deck |
| 2021-09-03 09:32 | f1680aa55c88220bcf83e24d89628cc9 | Griffon | | Virus_Deck |