ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpus, you can do so through either the web form or the API.


IOCs shared (past 24 hours): 236

Most seen malware family (past 24 hours): ClearFake

IOCs in corpus: 1'692'534


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database


Search syntax is as follows: keyword:search_term

The following is a list of accepted keywords, each with an example search_term:

  • ioc:ms-debug-services.com
  • malware:CobaltStrike
  • tag:TA505
  • threat_type:cc_skimming
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a

Date (UTC)  IOC  Malware  Tags  Reporter
2026-02-07 19:07  6810ec9dab0b4a7bb4f60397b5d0e76f9a10a93c  UACMe Grim
2026-02-07 19:07  a205f794058c59a19322debb1e96a6133ebbab01cb57ae159c2ddb3c7e97a922  UACMe Grim
2026-02-07 19:07  9ac267c88b27f4eac20f50e47946d606  UACMe Grim