ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.

534

IOCs shared (past 24 hours)

Unknown malware

Most seen malware family (past 24 hours)

1'692'970

IOCs in corpus

Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

ioc:ms-debug-services.com ( run)
malware:CobaltStrike ( run)
tag:TA505 ( run)
threat_type:cc_skimming ( run)
uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)	IOC	Malware	Tags	Reporter
2026-06-08 03:35	adhaehaht-42050.portmap.host	donut_injector		uwucutecatgirl
2026-06-08 03:35	gamestudio.life	donut_injector		uwucutecatgirl
2026-06-08 03:35	vrstudio.life	donut_injector		uwucutecatgirl
2026-01-22 22:29	38.45.126.243:1527	donut_injector	AS9294 c2 Donut GNETINC-AS-AP vmray	DonPasci
2026-01-22 20:56	118.107.29.135:5178	donut_injector	AS152194 c2 CTGSERVERLIMITED-AS-AP Donut triage	DonPasci
2026-01-22 20:50	27.124.43.115:5178	donut_injector	AS152194 c2 CTGSERVERLIMITED-AS-AP Donut triage	DonPasci
2026-01-06 11:41	https://lwebcontrol.com/nfront.php	donut_injector	c2 Donut VirusTotal	DonPasci
2026-01-06 11:40	95.164.53.76:80	donut_injector	AS213702 c2 Donut QWINS-LTD VirusTotal	DonPasci
2026-01-06 11:25	tester.attackzombie.com	donut_injector	c2 domain Donut	DonPasci
2025-12-03 16:02	47.84.87.182:5858	donut_injector	ALIBABA-CN-NET AS45102 c2 censys Donut	DonPasci
2025-11-14 09:50	ottobattleskaldthrenody.com	donut_injector	c2 domain Donut triage	DonPasci
2025-11-08 14:28	80.66.72.64:443	donut_injector	AS215540 c2 Donut GCS-AS triage	DonPasci
2025-10-27 19:16	111.11.112.162:5858	donut_injector	AS24547 c2 CMNET-V4HEBEI-AS-AP Donut joesandbox	DonPasci
2025-10-15 15:04	176.46.152.87:5858	donut_injector	AS214351 c2 Donut FEMOIT vmray	DonPasci
2025-10-15 15:00	176.46.152.62:5858	donut_injector	AS214351 c2 Donut FEMOIT joesandbox	DonPasci
2025-09-22 05:47	http://176.46.152.62:5858/e1dd06e1d6cb459aaa35c60451e2b323_build.bin	donut_injector		Anonymous
2024-08-09 06:41	drvenomjh.duckdns.org	donut_injector		johannes
2024-08-09 06:41	ncmomenthv.duckdns.org	donut_injector		johannes
2024-08-09 06:41	vxsrwrm.duckdns.org	donut_injector		johannes
2024-08-09 06:41	anachyyyyy.duckdns.org	donut_injector		johannes
2024-08-09 06:41	ghdsasync.duckdns.org	donut_injector		johannes
2024-08-09 06:41	xoowill56.duckdns.org	donut_injector		johannes