ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


562

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'689'110

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2026-04-09 05:56sdsda.lat SparkRATRAT SparkRAT abuse_ch
2026-04-09 05:5543.228.157.121:80 SparkRATRAT SparkRAT abuse_ch
2026-03-09 08:53138.197.14.95:80 SparkRATRAT SparkRAT abuse_ch
2026-03-09 08:53134.122.13.34:8979 SparkRATRAT SparkRAT abuse_ch
2026-02-26 18:57www.msftconnecttest.xyz SparkRATRAT SparkRAT abuse_ch
2026-02-26 18:57154.31.222.217:443 SparkRATRAT SparkRAT abuse_ch
2026-01-07 03:58d2c59a00cbc22fd4f07043138814fbe2 SparkRAT Grim
2026-01-07 03:5810fca076384a292f5e79bb6b92dbaefbf63ad025d5dae392007a993fb5391fca SparkRAT Grim
2026-01-07 03:58ddffe70af3cce3bfc3f6222e1dabe4a9c8b68511 SparkRAT Grim
2026-01-06 11:36spark.ilovegrooming.xyz SparkRATc2 domain SparkRAT DonPasci
2026-01-06 08:22sagent.zabbixcloud.cloud SparkRATc2 domain SparkRAT VirusTotal DonPasci
2025-09-02 05:2567.220.85.157:6001 SparkRAT pitachu
2025-08-28 21:306fe0ed915de0327d7265b68ecef9adfd SparkRAT Grim
2025-08-28 21:3017e2f6e0f9793935ae39d6beca31f54379023f39bab8daa717660b46b5eb577f SparkRAT Grim
2025-08-28 21:30a6fbaf6d42b8779e997766d510f3ea8af5a5115a SparkRAT Grim
2025-08-28 21:3037320cc3cb7741f5b3b4777db93d87c5 SparkRAT Grim
2025-08-28 21:30ed370fcbafa43b4b578d5722e922e706dd854189e5a5b9ca17213c307b3f9a23 SparkRAT Grim
2025-08-28 21:302ece2abb009c07e849de27365cc1fbd7c7acf797 SparkRAT Grim
2025-08-28 21:30677bd0c0a255a00773b3f6056590d05a SparkRAT Grim
2025-08-28 21:30d75aad0391ff8c63fba6f7315e520f5ea61229591277b09240e48e185e435eea SparkRAT Grim
2025-08-28 21:30bbfaabc7bdbbd0fab956d917669041ac0eadf55b SparkRAT Grim
2025-08-17 16:34https://github.com/Loredana221/tewst/raw/refs/heads/main/ccr.exe SparkRAT pitachu
2024-07-10 18:08c580c9f2adc2dcc87a8de91c93fece21 SparkRAT Grim
2024-07-10 18:08ec349cfacc7658eed3640f1c475eb958c5f05bae7c2ed74d4cdb7493176daeba SparkRAT Grim
2024-07-10 18:08787b81631dd1dddade4609453ba0438c3079aee9 SparkRAT Grim
2024-07-10 18:08dcc89dc902dbd986d31e1daa11984a92 SparkRAT Grim
2024-07-10 18:089c4d6d66dcef74f4a6ce82369830a4df914becd7eb543bdcc5d339b7b3db254b SparkRAT Grim
2024-07-10 18:0870ccec2f468fc2015094b5479a5bffb83ad46dce SparkRAT Grim
2024-05-03 15:0668.168.211.94:2052 SparkRAT MarsT
2024-04-04 14:493261cbac9f0ad69dd805bfd875eb0161 SparkRAT Grim
2024-04-04 14:49f015f91722c57cdb7ee61d947fb83f395d342e3d36159f7a470e23b6c03681bf SparkRAT Grim
2024-04-04 14:493471247cffded4259b12593cce644c7c9470a4d2 SparkRAT Grim
2023-10-12 06:11http://www.rakishevkenes.com/search/ws SparkRATgorat RAT spark spyware vovaan
2023-10-12 06:11http://www.rakishevkenes.com/ws/ws SparkRATgorat RAT spark spyware vovaan
2023-10-12 06:11http://www.rakishevkenes.com/bin/ws SparkRATgorat RAT spark spyware vovaan
2023-10-12 06:11http://www.rakishevkenes.com/ws SparkRATgorat RAT spark spyware vovaan
2023-10-12 06:11https://www.rakishevkenes.com:443/search/ws/ws SparkRATgorat RAT spark spyware vovaan
2023-10-12 06:11https://www.rakishevkenes.com/ SparkRATgorat RAT spark spyware vovaan
2023-10-12 06:11rakishevkenes.com SparkRATgorat RAT spark spyware trojan vovaan
2023-10-12 06:11www.rakishevkenes.com SparkRATgorat RAT spark spyware trojan vovaan
2023-09-07 06:4043.140.252.169:8000 SparkRATRAT SparkRAT abuse_ch
2023-09-05 07:568942c78d1c9abee21c58ba2444083b40 SparkRATRAT SparkRAT abuse_ch
2023-07-24 12:026jxbmkpe.torontobotdns.com SparkRATAPT APT36 RAT SparkRAT TransparentTribe abuse_ch
2023-07-24 12:00606115347958dca7ac3c206c643d5419 SparkRATAPT RAT SparkRAT TransparentTribe abuse_ch
2023-07-24 12:002e66189aa1b6fd345a9c13124844ebbc SparkRATAPT RAT SparkRAT TransparentTribe abuse_ch
2023-07-24 12:00ebc8f74281e0481b9da06b8c0d421ba6 SparkRATAPT RAT SparkRAT TransparentTribe abuse_ch
2023-07-24 12:00ca77027959864b4809487127321694f7 SparkRATAPT RAT SparkRAT TransparentTribe abuse_ch
2023-07-24 12:00f7e2dac6a8edf639212bdd4af905ba2c SparkRATAPT RAT SparkRAT TransparentTribe abuse_ch
2023-05-08 12:21130.185.238.251:7777 SparkRATRAT SparkRAT abuse_ch