ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


344

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'351

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2025-09-29 20:15a3b4eee33ef8051a0bbd59fef6325521 Catchamas Grim
2025-09-29 20:15b3d169a505de6f452e38977af9844dab6f460d4f Catchamas Grim
2025-09-29 20:15b21098613cbc70c32c2c38bbbc7151436f8c8b6960b4855d378f96f875a4db10 Catchamas Grim
2025-09-26 23:29f25d995fb0e31f74f981b049229600e3df92f92c Catchamas Grim
2025-09-26 23:29c905f0495ede4de681a29cf21a8915df1bb844328924b3c2c207630d7e33067b Catchamas Grim
2025-09-26 23:2937db8c3cb65ff828a913a7241870f866 Catchamas Grim