ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


500

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'688'782

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2026-03-07 04:45570dcb09980de944815a0dbd7c4bf440 NirCmd Grim
2026-03-07 04:458f4f0e34d6c8b4b52f561bd6a8ff2fed57ba05e3 NirCmd Grim
2026-03-07 04:458638caa95e7b012e1ba8425c7d6de94c1e97a6f807caea1c85567a12f53d6f18 NirCmd Grim
2026-02-17 02:41ca794c3f195c82821b6f589922078fa5f7d1cf414f92e4888d4c059625a9c2a9 NirCmd Grim
2026-02-17 02:41ee3533a82e2c3ed9da31c231210c0ae7 NirCmd Grim
2026-02-17 02:410cd9274ae1e4f0f48599a38d9315149e36aa1038 NirCmd Grim
2026-02-17 02:4022801a17523f7e65b72f00b9d8560fce NirCmd Grim
2026-02-17 02:4062577c9bf508b3132b45f11e930a443205d64b16 NirCmd Grim
2026-02-17 02:4060fd68930f6e7ae7dea56dfb69d5fd0a3a1993bc74bb15315abede65f35a0743 NirCmd Grim
2026-02-01 02:423e10f07802f1a74280b96328bb6e9c34 NirCmd Grim
2026-02-01 02:4213001e22bdf8b0736bfe656dd9bdd00668a1047f NirCmd Grim
2026-02-01 02:4288290313eb4c0239d427acc7adb59b9a36bd3cd545a92e152362b15b4c681b00 NirCmd Grim