NEW | Hunt across all abuse.ch platforms with one simple query - discover if an IPv4 address, domain, URL or file hash has been identified on any platform from a centralized search tool. Test it out here hunting.abuse.ch - and happy hunting 🔍

ThreatFox Database

Indicators of Compromise (IOCs) on ThreatFox are associated with a certain malware fas. A malware sample can be associated with only one malware family. The page below gives you an overview on indicators of compromise associated with js.fakeupdates.

You can also get this data through the ThreatFox API.

Database Entry

Malware: FAKEUPDATES
Malware alias:FakeUpdate, SocGholish
First seen:2022-06-24 13:04:26 UTC
Last seen:2025-03-28 13:00:58 UTC
Number of IOCs:4'309
Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/js.fakeupdates

Indicators Of Compromise

The table below shows all indicators of compromise (IOCs) that are associated with this particulare malware family (max 1000).