ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


301

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'444

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2024-09-02 02:0891180c7424eb89bcbb1da7a4df029dd1 Reaver Grim
2024-09-02 02:0873f5a52567e6afd449576d3ef683a01c8c8aa188278f4e4247008bbb6ab545d3 Reaver Grim
2024-09-02 02:08bae8aa54552f4be7014ba0dc9c5b18fda92a21fe Reaver Grim