ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


586

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'688'903

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2024-08-24 02:0755385f8be83a7e193390aa5c3a9a9934e603d6d3d164e5f496ece0ad553e9027 MgBot Grim
2024-08-24 02:07bb13e4ebdcb3e7d6bcd78601fd01b654 MgBot Grim
2024-08-24 02:074165ceda368602fb21495c55a95548b7056f4413 MgBot Grim