ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.

546

IOCs shared (past 24 hours)

Unknown malware

Most seen malware family (past 24 hours)

1'693'140

IOCs in corpus

Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

ioc:ms-debug-services.com ( run)
malware:CobaltStrike ( run)
tag:TA505 ( run)
threat_type:cc_skimming ( run)
uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)	IOC	Malware	Reporter
2022-03-30 00:19	a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e	HermeticWiper	Virus_Deck
2022-03-29 17:27	ffea1266b09abbf0ceb59119746d8630	HermeticWiper	Virus_Deck
2022-03-16 23:20	a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea	CaddyWiper	Virus_Deck
2022-03-13 21:39	6C10466AD7C153E7F949FA3C6600B6AC	IsaacWiper	Virus_Deck