ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


321

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'300

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2025-08-22 15:12ec81ff3913552cb27f7733de64a031bf JCry Grim
2025-08-22 15:12b59e20f78a16071eefcb1e2bb012c01c1b48a233 JCry Grim
2025-08-22 15:12baa3e5ec57cc9cfe39afcf80300411c7dbbdc8c0756d976bd43c7b631f61fc1d JCry Grim