ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpus, you can do so through either the web form or the API.


IOCs shared (past 24 hours): 502

Most seen malware family (past 24 hours): ClearFake

IOCs in corpus: 1'688'982


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database


The search syntax is as follows: keyword:search_term

The following is a list of accepted keywords, each with an example search_term:

  • ioc:ms-debug-services.com
  • malware:CobaltStrike
  • tag:TA505
  • threat_type:cc_skimming
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a

Date (UTC) | IOC | Malware | Tags | Reporter