ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


592

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'689'155

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2025-12-08 02:539586dc195c9ba76ad25139448d8a5fa2 HTran Grim
2025-12-08 02:53eea299da2fc4ef7abf9957196a99c569 HTran Grim
2025-12-08 02:53c7316add8dfd12bb080538158e84cf356f46cb8d HTran Grim
2025-12-08 02:53f3fa7272169d1ac6c6f88ed3cfb90c76d59d2cfaac8f2df4fc4b53e8e6942911 HTran Grim
2025-12-08 02:538030db3661c35410cf19140a6627027f887f8d3a HTran Grim
2025-12-08 02:5335a36514a67027979707cfda413c79d1c174f1303edd1aeaa3df76b84a3f4174 HTran Grim