ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


512

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'689'009

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2024-05-09 16:555589728917e2c441a0b277d8048dea99 MegaCortex Grim
2024-05-09 16:55ffa291b7deb01d6a42d6997765848e0340bf5177746de01d275f843cdea864aa MegaCortex Grim
2024-05-09 16:5528d60f957570983336dfc6fd05c6be54bab43fa1 MegaCortex Grim