Threat Miner – Maltego

Threat Miner – Maltego

ThreatMiner is a threat intelligence portal designed to enable analysts to research under a single interface. Recognizing that ThreatMiner may not have all the information required, links to external resources such as VirusTotal are also included to allow analysts to quickly search for additional information from other sources via a single click, thus minimizing the number of clicks required for analysts to search for the answer they are looking for. The emphasis of ThreatMiner isn’t just about indicators of compromise (IOCs) but also to provide analysts with contextual information related to the IOC they are looking at. Without contextual information, an IOC is just a data point.

Step 1:

Install Threat Miner on Maltego.

Step 2:

Create a New Graph in the top left corner.

Step 3:

Select an Entity & Scan

Select an IPv4 Address to scan under Entity palette. Here is the IP Address of a website that hosts malicious files.

We can run the transform Threat Miner >> IP to Samples and see if the scan returns any results

The scan returned 5 malicious files and their hashes, we can run further transforms on these malware samples.

Lets run the transform ThreatMiner >> Malware to Domains.

Step 4:


In an Full Screen View (Alt + Return) & Detail View we can see the Malicious files (RED Icons) are connected to multiple other Domains (BLUE Icons).