TuesdayTool 18: ThreatMiner

Oloyede Olajumoke Elizabeth
2 min read · Aug 6, 2024


Holla folks, it’s been a while since I last wrote to you all. It’s been a hectic season with a lot of happenings here and there. I am glad to be back again.

Have you ever been in a security investigation that required you to check the reputation of a domain or IP address? If so, you have experience using popular tools like VirusTotal, AbuseIPDB, and IBM X-Force Exchange. I came across an open-source intelligence tool that can perform the same function as these tools. It incorporates the functions of several such tools, including IPinfo, Hybrid Analysis, Robtex, Clean MX, and many more. This tool is called “ThreatMiner”.

About ThreatMiner

ThreatMiner is a threat intelligence platform that offers advanced features for security professionals. Security professionals can leverage ThreatMiner for the following:

  1. Go to threatminer.org.
  2. Use the “Search” function to query domains, IPs, URLs, or email addresses.
  3. Analyze results, such as threat scores, categories, and other related artifacts.
  4. Explore the “Threats” tab for in-depth information on malware, phishing, and other malicious software such as ransomware.
  5. Use the “Correlations” feature to identify connections between threats and indicators of compromise.
  6. Use the API for automated threat lookups and integrations.
  7. Integrate ThreatMiner data into a SIEM (Security Information and Event Management) tool or threat intelligence platform for enhanced visibility.
  8. Use the “Report” tab to download threat campaigns and reports based on the year. You can also search reports based on the year or the title.
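
Steps 6 and 7 as an added example (not code from the original post or from ThreatMiner): it builds a lookup URL for a domain or IP address and flattens a passive-DNS response into flat records a SIEM forwarder could ingest. The v2 endpoint names, the `rt=2` passive-DNS selector and the response field names are assumptions based on ThreatMiner's public API description, and the sample responses are constructed so the code runs offline.

```python
import ipaddress
import json
import re
from urllib.parse import urlencode

API_BASE = "https://api.threatminer.org/v2"  # assumed v2 base URL
RT_PASSIVE_DNS = 2  # assumed: rt=2 selects passive DNS for domain/host lookups
HOSTNAME = re.compile(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}", re.I)

# Constructed sample responses (documentation-range values, not real results).
SAMPLE_OK = json.dumps({"status_code": "200", "status_message": "Results found.",
    "results": [
        {"ip": "192.0.2.10", "first_seen": "2024-07-01 10:00:00", "last_seen": "2024-07-20 08:30:00"},
        {"ip": "198.51.100.7", "first_seen": "2024-06-11 02:15:00", "last_seen": "2024-06-30 23:59:00"}]})
SAMPLE_NONE = json.dumps({"status_code": "404", "status_message": "No results found.", "results": []})

def endpoint_for(indicator):
    """Choose the endpoint from the indicator type; reject anything else."""
    try:
        ipaddress.ip_address(indicator)
        return "host.php"
    except ValueError:
        if HOSTNAME.fullmatch(indicator):
            return "domain.php"
        raise ValueError(f"not a domain or IP address: {indicator!r}")

def build_url(indicator, rt=RT_PASSIVE_DNS):
    """Build the lookup URL; the query string is URL-encoded, never concatenated raw."""
    return f"{API_BASE}/{endpoint_for(indicator)}?{urlencode({'q': indicator, 'rt': rt})}"

def to_siem_events(indicator, body):
    """Flatten a domain passive-DNS response into one flat record per resolution."""
    doc = json.loads(body)
    if str(doc.get("status_code")) != "200":
        return []  # "404": no results on record for this indicator
    return [{"source": "threatminer", "indicator": indicator,
             "resolved_ip": row.get("ip"),
             "first_seen": row.get("first_seen"),
             "last_seen": row.get("last_seen")}
            for row in doc.get("results", [])]

if __name__ == "__main__":
    print(build_url("example.com"))
    for event in to_siem_events("example.com", SAMPLE_OK):
        print(json.dumps(event))  # one JSON line per event, ready for a SIEM forwarder
```
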

A non-technical professional who receives a phishing email or link and values online safety can also use it to verify the reputation of links or email addresses in the following steps:

  1. Go to threatminer.org and type in a website or email address.
  2. Click “Search” to see if the domain or email address has been reported as either “suspicious” or “malicious”.
  3. Check the red flags for warnings such as “Malicious” or “Phishing”.
  4. If none of the warnings appears, you will see a green “Benign” label.

Conclusion

ThreatMiner is another tool that brings the functions of other tools together in one place. It will be useful to have in your arsenal. Use it in conjunction with other security tools for effective and comprehensive threat intelligence.

Till I come your way again next week Tuesday, #BeCyberSmart

Cyberliza writes TuesdayTool

Written by Oloyede Olajumoke Elizabeth

I am a Cyber Threat Intelligence Analyst, Cybersecurity Trainer and Cybersecurity Researcher, skilled in Threat Hunting, Threat Intelligence and Digital Forensics.
