ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpus, you can do so through either the web form or the API.


  • IOCs shared (past 24 hours): 203
  • Most seen malware family (past 24 hours): ClearFake
  • IOCs in corpus: 1'692'447


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database


Search syntax is as follows: keyword:search_term

The following is a list of accepted keywords, each with an example search_term:

  • ioc:ms-debug-services.com
  • malware:CobaltStrike
  • tag:TA505
  • threat_type:cc_skimming
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a

Result columns: Date (UTC), IOC, Malware, Tags, Reporter