ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


478

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'689'315

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2025-04-24 18:2743.248.78.215:51200 lightSpyAS23650 c2 censys CHINANET-JIANGSU-PROVINCE-IDC LightSpy DonPasci
2024-11-30 16:5945.155.220.79:53501 LIGHTSPYcensys LightSpy NDA0E
2024-11-30 16:5945.155.220.79:51200 LIGHTSPYcensys LightSpy NDA0E
2024-08-14 01:3143.248.136.215:53601 lightSpyAS23650 c2 censys LightSpy thehappydinoa
2024-08-14 01:3143.248.136.215:53501 lightSpyAS23650 c2 censys LightSpy thehappydinoa
2024-08-14 01:3143.248.136.215:51200 lightSpyAS23650 c2 censys LightSpy thehappydinoa
2024-08-14 01:31103.27.109.217:59501 lightSpyAS132883 c2 censys LightSpy thehappydinoa
2024-08-14 01:31103.27.109.217:53501 lightSpyAS132883 c2 censys LightSpy thehappydinoa
2024-08-14 01:31103.27.109.217:51200 lightSpyAS132883 c2 censys LightSpy thehappydinoa
2024-08-14 01:3143.248.136.110:43201 lightSpyAS23650 c2 censys LightSpy thehappydinoa
2024-08-14 01:3143.248.136.110:43200 lightSpyAS23650 c2 censys LightSpy thehappydinoa
2024-08-14 01:3145.125.34.126:53501 lightSpyAS55933 c2 censys LightSpy thehappydinoa
2024-08-14 01:3145.125.34.126:51200 lightSpyAS55933 c2 censys LightSpy thehappydinoa
2024-08-14 01:31222.219.183.84:53501 lightSpyAS4134 c2 censys LightSpy thehappydinoa
2024-08-14 01:31222.219.183.84:51200 lightSpyAS4134 c2 censys LightSpy thehappydinoa
2024-08-14 01:31118.195.234.243:53501 lightSpyAS45090 c2 censys LightSpy thehappydinoa
2024-08-14 01:31118.195.234.243:51200 lightSpyAS45090 c2 censys LightSpy thehappydinoa
2024-08-14 01:3138.55.97.178:53501 lightSpyAS42960 c2 censys LightSpy thehappydinoa
2024-08-14 01:3138.55.97.178:51200 lightSpyAS42960 c2 censys LightSpy thehappydinoa
2024-08-14 01:3145.155.220.194:53501 lightSpyAS134835 c2 censys LightSpy thehappydinoa
2024-08-14 01:3145.155.220.194:51200 lightSpyAS134835 c2 censys LightSpy thehappydinoa
2024-08-14 01:31154.91.196.185:53501 lightSpyAS42960 c2 censys LightSpy thehappydinoa
2024-08-14 01:31154.91.196.185:51200 lightSpyAS42960 c2 censys LightSpy thehappydinoa
2024-08-14 01:31103.27.109.28:43201 lightSpyAS132883 c2 censys LightSpy thehappydinoa
2024-08-14 01:31103.27.109.28:43200 lightSpyAS132883 c2 censys LightSpy thehappydinoa
2024-08-14 01:3143.248.136.104:50000 lightSpyAS23650 c2 censys LightSpy thehappydinoa
2024-08-14 01:31103.43.17.99:54600 lightSpyAS132883 c2 censys LightSpy thehappydinoa