How to use ThreatMiner

To help users get the most out of ThreatMiner, this page lists all the search operators currently implemented.

If you encounter any problems with any of the following features, please send a direct message to @threatminer or email michael.yip.apps [{a}] gmail.com.

| Indicator type | Search operator | Full text | Results | Sample URL | Note |
| --- | --- | --- | --- | --- | --- |
| Domain | N/A | Exact match only. | WHOIS, APTNotes, Passive DNS, URI, Related Samples | https://www.threatminer.org/domain.php?q=google.com | N/A |
| IP | N/A | Exact match only. | WHOIS, APTNotes, Passive DNS, Passive SSL, URI, Related Samples | https://www.threatminer.org/host.php?q=216.58.213.110 | N/A |
| Sample hash (MD5, SHA1, SHA256) | N/A | Exact match only. | File metadata, APTNotes, Domains, Hosts, AV detections, HTTP Traffic, Mutants, Registry keys | https://www.threatminer.org/sample.php?q=e6ff1bf0821f00384cdd25efb9b1cc09 | N/A |
| Import hash (imphash) | imphash: | Exact match only. | APTNotes, Related samples | https://www.threatminer.org/imphash.php?q=1f4f257947c1b713ca7f9bc25f914039 | N/A |
| SSDeep hash | ssdeep: | Exact match only. | APTNotes, Related samples | https://www.threatminer.org/ssdeep.php?q=1536:TJsNrChuG2K6IVOTjWko8a9P6W3OEHBQc4w4:TJs0oG2KSTj3o8a9PFeEHn4l | N/A |
| Email address | N/A | Exact match only. | Checks haveibeenpwned.com, APTNotes, Domains (and subdomains) | https://www.threatminer.org/email.php?q=wkymyx@126.com | N/A |
| SSL hash (SHA1) | ssl: | Exact match only. | APTNotes, Hosts | https://www.threatminer.org/ssl.php?q=7359755c6df9a0abc3060bce369564c8ec4542a3 | N/A |
| SSL organisation name | ssl.o: | Exact match only. | APTNotes, SSL certificates | https://www.threatminer.org/ssls.php?q=solusvm%20slave&t=14 | N/A |
| SSL organisation unit | ssl.ou: | Exact match only. | APTNotes, SSL certificates | https://www.threatminer.org/ssls.php?q=co44ks5z0zjma0u&t=15 | N/A |
| SSL common name | ssl.cn: | Exact match only. | APTNotes, SSL certificates | https://www.threatminer.org/ssls.php?q=*.google.com&t=16 | N/A |
| SSL country name | ssl.c: | Exact match only. | APTNotes, SSL certificates | https://www.threatminer.org/ssls.php?q=us&t=17 | N/A |
| SSL locality | ssl.l: | Exact match only. | APTNotes, SSL certificates | https://www.threatminer.org/ssls.php?q=server.local.com&t=18 | N/A |
| SSL state or province name | ssl.st: | Exact match only. | APTNotes, SSL certificates | https://www.threatminer.org/ssls.php?q=california&t=19 | N/A |
| Malware detection name (e.g. Trojan.Enfal) | av: | Exact match only. | APTNotes, Related samples | https://www.threatminer.org/av.php?q=Trojan.Enfal | N/A |
| Any filename string (e.g. .scr, resume.doc) | filename: | Full text. | Related samples | https://www.threatminer.org/filename.php?q=.scr | N/A |
| Any mutex string (e.g. UVhVXmJpX2Ax) | mutex: | Full text. | APTNotes, Related samples | https://www.threatminer.org/mutex.php?q=UVhVXmJpX2Ax | N/A |
| Any registry key string (e.g. \\run for finding samples that modify the run key) | reg: | Full text. | APTNotes, Related samples | https://www.threatminer.org/registry.php?q=\\run | This search operator can take a while to return results. |
| Any URI string (e.g. main.php) | uri: | Full text. | APTNotes, Related samples | https://www.threatminer.org/uri.php?q=main.php | N/A |
| Any User-Agent string (e.g. Python-urllib) | ua: | Full text. | APTNotes, Related samples | https://www.threatminer.org/ua.php?q=Python-urllib | N/A |
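
For analysts who script their lookups, the following added example (not ThreatMiner's own code) turns a query written with the operators above into the matching URL. The operator-to-page mapping and the `t` values come from the sample URLs in the table; the regular expressions used to recognise operator-less indicators are assumptions, and values are percent-encoded more strictly than in some of the sample URLs.

```python
import ipaddress
import re
from urllib.parse import quote, urlencode

BASE = "https://www.threatminer.org/"
# Search operator -> (page, value of the "t" parameter), as listed in the table.
OPERATORS = {
    "imphash": ("imphash.php", None), "ssdeep": ("ssdeep.php", None),
    "ssl": ("ssl.php", None), "ssl.o": ("ssls.php", "14"),
    "ssl.ou": ("ssls.php", "15"), "ssl.cn": ("ssls.php", "16"),
    "ssl.c": ("ssls.php", "17"), "ssl.l": ("ssls.php", "18"),
    "ssl.st": ("ssls.php", "19"), "av": ("av.php", None),
    "filename": ("filename.php", None), "mutex": ("mutex.php", None),
    "reg": ("registry.php", None), "uri": ("uri.php", None),
    "ua": ("ua.php", None),
}

# Assumed formats for the indicator types that have no search operator.
HASH_RE = re.compile(r"(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})", re.I)
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}", re.I)


def bare_page(value):
    """Choose the page for a query typed without a search operator."""
    try:
        ipaddress.ip_address(value)
        return "host.php"
    except ValueError:
        pass
    for pattern, page in ((HASH_RE, "sample.php"), (EMAIL_RE, "email.php"),
                          (DOMAIN_RE, "domain.php")):
        if pattern.fullmatch(value):
            return page
    raise ValueError(f"unrecognised indicator: {value!r}")


def search_url(query):
    """Turn 'operator:value' or a bare indicator into a ThreatMiner URL."""
    query = query.strip()
    prefix, sep, rest = query.partition(":")
    # Only a known operator counts as a prefix; ssdeep values contain colons too.
    if sep and prefix.lower() in OPERATORS:
        (page, t), value = OPERATORS[prefix.lower()], rest.strip()
    else:
        page, t, value = bare_page(query), None, query
    if not value:
        raise ValueError("empty search value")
    params = {"q": value} if t is None else {"q": value, "t": t}
    return BASE + page + "?" + urlencode(params, quote_via=quote)
```

A bare 40-character hex string is treated as a sample hash; an SSL certificate SHA1 must be given with the `ssl:` operator.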