ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


334

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'333

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2024-04-25 15:24301a50dbf2903823a87860c5fcd8941d FatDuke Grim
2024-04-25 15:23b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575 FatDuke Grim
2024-04-25 15:23180936e169c0b303d89aef3ee3e01083b8b4219f FatDuke Grim