ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


478

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'689'315

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2024-09-30 17:091dfcaaf6f77e1a2dc1d4c36305885518 BlackRouter Grim
2024-09-30 17:098e65d1ce6e66ab7d6d173444b6a51f890bcd879ad93ecdc2b5d7be0560552d14 BlackRouter Grim
2024-09-30 17:09e0709a17751bed96486182224fa0f75c261744cd BlackRouter Grim