ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.

246

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'195

IOCs in corpus

Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

ioc:ms-debug-services.com ( run)
malware:CobaltStrike ( run)
tag:TA505 ( run)
threat_type:cc_skimming ( run)
uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)	IOC	Malware	Reporter
2022-09-02 21:25	9ab9f3b75a2eb87fafb1b7361be9dfb3	RobinHood	Virus_Deck
2022-09-02 21:25	a179c4093d05a3e1ee73f6ff07f994aa	RobinHood	Virus_Deck
2022-09-02 21:25	4b817d0e7714b9d43db43ae4a22a161e	RobinHood	Virus_Deck