ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


1'126

IOCs shared (past 24 hours)

Unknown malware

Most seen malware family (past 24 hours)

1'690'155

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2024-12-13 09:47http://tuophiloe.ml/rokstwo/doc.php?hwid=078BF1BF000306E4 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://plaxiasn.ml/roksfive/doc.php?hwid=078BF1BF000406F1 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://owa.rootkit-ninja.com/costra/doc.php?hwid=CB253338DA Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://owa.rootkit-ninja.com/costra/doc.php?hwid=078BFBFF00000F61 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://koinoias.ml/roksthree/doc.php?hwid=740B4EB01B0 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://hojokk.com/0x/doc.php?hwid=078BF1BF000406F1 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://hojokk.com/0x/doc.php?hwid=078BF1BF000306F2 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://florapansiyonotel.com/images/jaf3/doc.php?hwid=078BF1BF000406F1 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://fdsgfsdgdfgfdhghgfjjh.000webhostapp.com/doc.php?hwid=98224A316E Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://fdsgfsdgdfgfdhghgfjjh.000webhostapp.com/doc.php?hwid=9822 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://coroheus.ml/roksone/doc.php?hwid=078BFBFD000006D3 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://coroheus.ml/roksone/doc.php?hwid=078BF1BF000406F1 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://193.142.59.18/pettz/doc.php?hwid=0F8BFBFF000306D2 Luciferc2 Lucifer abus3reports
2024-12-13 09:47http://193.142.59.18/pettz/doc.php?hwid=078BF1BF000406F1 Luciferc2 Lucifer abus3reports
2024-12-12 06:21http://owa.rootkit-ninja.com/costra/Panel/login.php LuciferAS14061 CV. Rumahweb Indonesia DigitalOcean LLC Lucifer subdomain antiphishorg
2024-12-12 01:00owa.rootkit-ninja.com LuciferLucifer ViriBack abuse_ch
2024-03-21 11:12alltorq-net.oncallservices.ca LuciferLucifer ViriBack abuse_ch
2023-12-09 07:24lucifer14341.000webhostapp.com LuciferLucifer ViriBack abuse_ch
2021-08-18 01:540dad0861840cb73b4cefce3dcce28fa5 Lucifer Virus_Deck