Threat intelligence and intrusion analysts who regularly research malware and network infrastructure often need to rely on multiple websites that each hold a small piece of the larger puzzle.

Furthermore, it is often not possible to pivot directly from an open source research report, and it is sometimes difficult to remember whether an indicator has already been reported and/or attributed. All these small but frustrating obstacles distract an analyst from what they do best: analyse.

This is why ThreatMiner was created: to free analysts from data collection and provide them with a portal on which they can carry out their tasks, from reading reports to pivoting and data enrichment.
The emphasis of ThreatMiner is not just on indicators of compromise (IOCs) but also on providing analysts with contextual information related to the IOC they are looking at.

The presentation below provides a simple scenario which demonstrates how ThreatMiner can help with compromise discovery and threat research. Special thanks to Dragon Threat Lab (@DragonThreatLab) for the invitation to present to their team and permission to release the presentation using their template.

Tools

ThreatMiner would not be possible without some excellent open source tools kindly made available by other threat researchers. It is these initiatives that motivated the development of ThreatMiner.

Data Sources

ThreatMiner is a data aggregator that relies on a number of open source data feeds. However, it is important to note that ThreatMiner performs automatic enrichment based on these data feeds.