ThreatMiner
App Vendor: ThreatMiner
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.1
API Version: 1.0.0
About App
The ThreatMiner app allows security teams to integrate with the ThreatMiner enterprise application to get information on indicators of compromise (IOCs) such as domains, IP addresses, malware samples (MD5, SHA1 and SHA256 hashes), SSL certificates, WHOIS information and malicious URLs such as phishing and malware links.
The ThreatMiner app is configured with the Orchestrate application to perform the actions listed below:
Action Name | Description |
---|---|
Get IOC Details Using APT Notes | This action retrieves IOC details using APT Notes from the ThreatMiner service. |
Hash Samples Lookup | This action performs a hash samples lookup using the ThreatMiner service. |
Import Hash (Imphash) Lookup | This action performs an import hash (imphash) lookup using the ThreatMiner service. |
IP Address Lookup | This action performs an IP address lookup using the ThreatMiner service. |
Search APT Notes | This action searches APT Notes in the ThreatMiner database. |
SSDeep Lookup | This action performs an SSDeep lookup using the ThreatMiner service. |
SSL Certificate lookup | This action performs an SSL certificate lookup using the ThreatMiner service. |
Email Reverse Lookup | This action performs an email reverse lookup using the ThreatMiner service. |
Configuration Parameters
The ThreatMiner app does not require any configuration parameters to communicate with the ThreatMiner enterprise application.
Action: Get IOC Details Using APT Notes
This action retrieves IOC details using APT Notes from the ThreatMiner service.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query String | Enter the query string to retrieve IOC details. Example: "sample query string" | Text | Required | |
Year | Enter the year. Example: "2013" | Text | Required | |
RT Value | Enter the RT value to set as a flag. Example: "1" | Text | Optional | Each RT value is mapped to a query type. Allowed values: (not listed). Default value: "1" |
Example Request
[ { "query_string": "sample query string", "year": "2013", "flag": "1" } ]
Action: Hash Samples Lookup
This action performs a hash samples lookup using the ThreatMiner service.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash Value | Enter the Hash value. Example: "sample query string" | Text | Required | |
RT Value | Enter the RT value to set as a flag. Example: "1" | Text | Optional | Each RT value is mapped to a query type. Allowed values: (not listed). Default value: "1" |
Example Request
[ { "query_string": "sample query string", "flag": "1" } ]
Action: Import Hash (Imphash) Lookup
This action performs an import hash (imphash) lookup using the ThreatMiner service.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Import Hash | Enter the Imphash value. Example: "sample hash value" | Text | Required | |
RT Value | Enter the RT value to set as a flag. Example: "1" | Text | Optional | Each RT value is mapped to a query type. Allowed values: (not listed). Default value: "1" |
Example Request
[ { "hash_value": "sample hash value", "flag": "1" } ]
Action: IP Address Lookup
This action performs an IP address lookup using the ThreatMiner service.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IP Address | Enter the IP address. Example: "1.1.1.1". | Text | Required | |
RT Value | Enter the RT value to set as a flag. Example: "1" | Text | Optional | Each RT value is mapped to a query type. Allowed values: (not listed). Default value: "1" |
Example Request
[ { "ip_address": "1.1.1.1", "flag": "1" } ]
Action: Search APT Notes
This action searches APT Notes in the ThreatMiner database.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query String | Enter the query string to search APT Notes. Example: "sofacy" | Text | Required | |
RT Value | Enter the RT value to set as a flag. Example: "1" | Text | Optional | Each RT value is mapped to a query type. Allowed values: (not listed). Default value: "1" |
Example Request
[ { "query_string": "sofacy", "flag": "1" } ]
Action: SSDeep Lookup
This action performs an SSDeep lookup using the ThreatMiner service.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
SSDeep Hash | Enter the SSDeep Hash value. Example: "sample hash value" | Text | Required | |
RT Value | Enter the RT value to set as a flag. Example: "1" | Text | Optional | Each RT value is mapped to a query type. Allowed values: (not listed). Default value: "1" |
Example Request
[ { "hash_value": "sample hash value", "flag": "1" } ]
Action: SSL Certificate lookup
This action performs an SSL certificate lookup using the ThreatMiner service.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
SHA Hash | Enter the SHA Hash value. Example: "sample hash value" | Text | Required | |
RT Value | Enter the RT value to set as a flag. Example: "1" | Text | Optional | Each RT value is mapped to a query type. Allowed values: (not listed). Default value: "1" |
Example Request
[ { "hash_value": "sample hash value", "flag": "1" } ]
Action: Email Reverse Lookup
This action performs an email reverse lookup using the ThreatMiner service.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
SHA Hash | Enter the SHA Hash value. Example: "sample hash value" | Text | Required | |
RT Value | Enter the RT value to set as a flag. Example: "1" | Text | Optional | Each RT value is mapped to a query type. Allowed value: 1 (Domains). Default value: "1" |
Example Request
[ { "hash_value": "sample hash value", "flag": "1" } ]
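The Example Request bodies above are the only wire-level detail this page gives for the eight actions. The Python below is an added example, not the ThreatMiner app's own code: it validates an indicator before it leaves the SOAR, picks the matching action, and builds the request body with the key names shown on this page. The action names, request keys and default flag "1" come from the page; the validation rules (hex hash lengths, the ssdeep shape, refusing to submit non-global IP addresses to an external enrichment service) are this example's own assumptions.

```python
"""Validate an IOC and build the request body for the matching ThreatMiner
action. Added example code; not part of the ThreatMiner app or Orchestrate."""
import ipaddress
import re

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}   # hex digest lengths
SSDEEP_RE = re.compile(r"^\d+:[A-Za-z0-9/+]+:[A-Za-z0-9/+]+$")  # blocksize:h1:h2
DEFAULT_FLAG = "1"   # page: every action defaults the RT flag to "1"

# Request keys exactly as shown in the page's Example Request blocks.
ACTION_KEYS = {
    "Get IOC Details Using APT Notes": ("query_string", "year"),
    "Hash Samples Lookup": ("query_string",),
    "Import Hash (Imphash) Lookup": ("hash_value",),
    "IP Address Lookup": ("ip_address",),
    "Search APT Notes": ("query_string",),
    "SSDeep Lookup": ("hash_value",),
    "SSL Certificate lookup": ("hash_value",),
    "Email Reverse Lookup": ("hash_value",),
}
# Actions whose input must be a hex digest (assumption: validated locally).
HEX_HASH_ACTIONS = {"Hash Samples Lookup", "Import Hash (Imphash) Lookup",
                    "SSL Certificate lookup", "Email Reverse Lookup"}


def classify_ioc(value: str) -> str:
    """Return 'ip', 'ssdeep', 'md5', 'sha1' or 'sha256'; ValueError otherwise."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)
        return "ip"
    except ValueError:
        pass
    if SSDEEP_RE.match(v):
        return "ssdeep"
    if HEX_RE.match(v) and len(v) in HASH_LENGTHS:
        return HASH_LENGTHS[len(v)]
    raise ValueError(f"unrecognised indicator format: {value!r}")


def build_request(action: str, value: str, flag: str = DEFAULT_FLAG,
                  year=None) -> list:
    """Build the one-element request list the page shows for `action`."""
    if action not in ACTION_KEYS:
        raise ValueError(f"unknown action: {action!r}")
    if not str(flag).isdigit():
        raise ValueError("RT flag must be a numeric string such as '1'")
    keys = ACTION_KEYS[action]
    value = value.strip()

    if action == "IP Address Lookup":
        ip = ipaddress.ip_address(value)          # raises on malformed input
        if not ip.is_global:
            # Private/loopback/link-local addresses are useless to an external
            # service and submitting them leaks internal topology.
            raise ValueError(f"refusing to submit non-global address {ip}")
        value = str(ip)
    elif action in HEX_HASH_ACTIONS:
        if not (HEX_RE.match(value) and len(value) in HASH_LENGTHS):
            raise ValueError(f"not an MD5/SHA1/SHA256 hex digest: {value!r}")
        value = value.lower()                     # hex digests are case-insensitive
    elif action == "SSDeep Lookup":
        if not SSDEEP_RE.match(value):
            raise ValueError(f"not an ssdeep hash: {value!r}")

    body = {keys[0]: value}
    if "year" in keys:
        if year is None or not re.fullmatch(r"\d{4}", str(year)):
            raise ValueError("APT Notes IOC lookup requires a four-digit year")
        body["year"] = str(year)
    body["flag"] = str(flag)
    return [body]


def route_ioc(value: str, flag: str = DEFAULT_FLAG) -> tuple:
    """Pick the action for a raw indicator and return (action, request body).
    An imphash is also 32 hex characters, so it cannot be told apart from an
    MD5 here; call build_request with the Imphash action explicitly for it."""
    kind = classify_ioc(value)
    action = {"ip": "IP Address Lookup",
              "ssdeep": "SSDeep Lookup"}.get(kind, "Hash Samples Lookup")
    return action, build_request(action, value, flag)


if __name__ == "__main__":
    # Constructed sample indicators, not real IOCs.
    for ioc in ("1.1.1.1", "D41D8CD98F00B204E9800998ECF8427E",
                "3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C"):
        print(route_ioc(ioc))
```

The router deliberately fails closed: anything that does not match a known indicator shape raises before a request is built, which keeps free-text or internal addresses from being forwarded to the enrichment service by a playbook that enriches every observable it sees.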