ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


292

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'266

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2022-08-01 20:06cec06262d1d35f8ea013670c540e30e8 EVILNUM Virus_Deck
2022-08-01 20:064b357bdd7d34050f85b7ef1d497a87dc EVILNUM Virus_Deck
2022-06-03 21:07kalpoipolpmi.net EVILNUMEVILNUM AndreGironda
2022-06-03 21:078as1s2.com EVILNUMEVILNUM AndreGironda
2022-06-03 21:07cspapop110.com EVILNUMEVILNUM AndreGironda
2022-06-03 20:145.206.227.72:2222 EVILNUMEVILNUM AndreGironda
2022-06-03 20:14forme539.ddns.net EVILNUMEVILNUM AndreGironda