ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


540

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'689'069

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2022-07-08 16:503aa44a7951ad95d02c426e9e2a174c2e EnvyScout Virus_Deck
2022-07-08 16:506228d15e3bb50adfa59c1bdf5f6ce9f0 EnvyScout Virus_Deck
2022-07-08 16:5059b5d262532dab929bbe56c90a0257d2 EnvyScout Virus_Deck
2022-07-08 16:506812031432039a89fa741e9338f8e887 EnvyScout Virus_Deck