ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


308

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'435

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2021-12-24 11:45b862c5846413e6c37f39558d3c424e97c1980231fafe6195722b19ae1d6ee5c7 Mespinoza Virus_Deck
2021-12-24 11:45f4b41945e9a1f5c0c53230c6dfdd514a8f64f1e4ccdb733395b43d830ab9a607 Mespinoza Virus_Deck
2021-12-24 11:45e630c6c6eb90e7e91fadf8f5e259b6a8c4f06aca9d76cdeb603ead3331e07c00 Mespinoza Virus_Deck
2021-12-24 11:457bc05b205080f8136fbe77e57b6a05dc031ccf99a5951f30298a5554f1ede263 Mespinoza Virus_Deck