ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


308

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'435

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2022-05-03 22:2505a9724fc96b9a8093a1f437c3030ca8 Machete Virus_Deck
2022-05-03 08:2521388527c8e63a333892d922faae5826 Machete Virus_Deck
2022-05-03 08:252f665e4c068d2f09fef3ddf10caaef6f Machete Virus_Deck