ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


547

IOCs shared (past 24 hours)

Unknown malware

Most seen malware family (past 24 hours)

1'693'140

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2021-04-06 13:142261dbc9977932cd8dac9bccd7aae8472cdbd8e588aa4f10b02c8a1c0a6051d1 WastedLockerwastedlocker Virus_Deck
2021-04-06 13:14905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a WastedLockerwastedlocker Virus_Deck
2021-03-14 23:5582D841869E912A772413BB37F30307B0 WastedLocker Virus_Deck