ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


232

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'692'527

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2024-09-18 22:2396ba44d6b170a603168bdf3e816f1ea2 StarLoader Grim
2024-09-18 22:235c77081476c9f44fd00c05ed385462b8020667cac4b0609d509de2c145a5d36f StarLoader Grim
2024-09-18 22:232e14b8f621dd5e5856d2bc715ab5e17e565bfa33 StarLoader Grim