Full list of Google Threat Intelligence search modifiers

Although we have the most common modifiers documented with description and examples at:

File search modifiers article.
IP Address search modifiers article.
Domain search modifiers article.

In this article you will find the full list of modifiers for each entity:

List of File modifiers
List of IP modifiers
List of Domain modifiers
List of URL modifiers
List of Collection modifiers
List of Reference modifiers
List of IOC Stream modifiers

List of File modifiers


acronisad_awareahnlab_v3alibaba
alibabacloudalyacandroguardandroguard_package
antiy_avlapexarcabitattack_tactic
attack_techniqueauthentihashavastavast_mobile
avgaviraavwarebabable
baidubehashbehaviourbehaviour_command_executions
behaviour_created_processesbehaviour_filesbehaviour_injected_processesbehaviour_network
behaviour_processesbehaviour_registrybehaviour_servicesbehaviour_signature
behaviour_tagsbitdam_atpbitdefenderbitdefenderfalx
bitdefenderthetabkavbytedefend_ai_analysisbytedefend_ai_verdict
c2aecapacapability_tagcape
cape_linuxcape_sandboxcat_quickhealclamav
cluecmccodeinsightcollection
commentcomment_authorcontacted_ipcontent
cpcreation_datecrowdsourced_ai_analysiscrowdsourced_ids
crowdsourced_yara_rulecrowdstrikectxcyber_adapt
cybereasoncylancecynetdas_security_orcas
deepinstinctdetectiteasydns_lookup_countdocguard
dr_web_vxcubedrwebelasticelf_digest
email_subjectembedded_domainembedded_ipembedded_url
emsisoftendgameenginesep
eset_nod32exportsf_protf_secure
f_secure_sandboxfilecondis_dhashfireeyefirst_submitter
fortinetfsgdatagoogle
google_safebrowsinggoresymgridinsoftgti_score
gti_severitygti_verdicthavehispasec_ai_analysis
hispasec_ai_verdicthttp_conversation_counthuorongikarus
imphashimportsinvinceaip_traffic_count
itwjiangmink7antivirusk7gw
kasperskykingsoftlalang
lastlinelioniclsmagic
magikamain_icon_dhashmain_icon_md5malware_config
malwarebytesmalwationmaxsecurembc
mcafeemcafeedmetadatamicrosoft
microsoft_sysinternalsmicroworld_escanmin_engines_bankermin_engines_emotet
namenano_antivirusnetguidnics_ai_analysis
nics_ai_verdictnprotectnsfocus_pomaos_x_sandbox
ppackerpaloaltopanda
permhashqianxin_reddripqihoo_360reaqta_hive
reputationresourcerich_pe_header_hashrising
rising_movesssandbox_namesangfor
sangfor_zsandscan_timeoutscan_unsupportedsecneurx
secondwritesectionsectionmd5segment
sentinelonesha256sigchecksigma_critical
sigma_highsigma_lowsigma_mediumsigma_rule
sigma_rulesetsimilar-tosizeskyhigh
sndboxsophosssdeepsubmitter
subspansuggested_threat_labelsuperantispywaresymantec
symantecmobileinsightsymhashtachyontag
tehtristelfhashtencenttencent_habo
thehackerthreat_actortlshtotaldefense
traffictrapminetrendmicrotrendmicro_housecall
tridtrustlooktypeus
varistvba32venuseye_sandboxvhash
vipreviritvirobotvirustotal_androbox
virustotal_box_of_applesvirustotal_cuckooforkvirustotal_droidyvirustotal_jsbox
virustotal_jujuboxvirustotal_observervirustotal_r2dboxvmray
webrootwhitearmorxcitiumyandex
yomi_hunterzenboxzenboxzenbox_android
zenbox_linuxzenbox_macoszillyazonealarm
zonerzscaler

List of IP modifiers


0xsi_f33dabusixacronisadminuslabs
ailabs_monitorappalienvaultalphamountain_aialphasoc
antiy_avlarcsight_threat_intelligenceasnaso
autoshunaxurbenkow_ccbfore_ai_precrime
bitdefenderbkavbluelivcertego
chong_lua_daocins_armycluster25cmc_threat_intelligence
collectioncommentcomment_authorcommunicating_files_max_detections
continentcountrycrdfcriminal_ip
csis_security_groupcyancyblecyradar
desenmascara_medetected_communicating_files_countdetected_downloaded_files_countdetected_referring_files_count
detected_urls_countdns8domain_resolutions_countdownloaded_files_max_detections
dr_webemergingthreatsemsisoftengines
ermesesetestsecurityforcepoint_threatseeker
fortinetg_datagcp_abuse_intelligencegoogle_safebrowsing
greensnowgridinsoftgti_scoregti_severity
gti_verdicthaveheimdal_securityhunt_io_intelligence
ipipsumjarmjuniper_networks
kasperskylast_modification_datelioniclumu
malwaredmalwarepatrolmalwares_com_url_checkermalwareurl
mimecastnetcraftopenphishp
pathphishfortphishing_databasephishlabs
phishtankprebytesprecisionsecquick_heal
qutterareferring_files_max_detectionsregional_internet_registryreputation
safetoopensansec_ecomscanscantitanscumware_org
seclookupsecurebrainsecurolyticssnort_ip_sample_list
socradarsophosspam404ssl_issuer
ssl_not_afterssl_not_beforessl_serialssl_subject
ssl_thumbprintstopforumspamsucuri_sitechecktag
threat_actorthreathivethreatsourcingtrustwave
underworldurlhausurlqueryurls_max_detections
viettel_threat_intelligencevipreviribackvx_vault
webrootwhoiswhois_datexcitium_verdict_cloud
yandex_safebrowsingzerocertzerofoxzvelo

List of Domain modifiers


0xsi_f33da_recorda_ttlaaaa_record
aaaa_ttlabusixacronisadminuslabs
ailabs_monitorappalexa_rankalienvaultalphamountain_ai
alphasocantiy_avlarcsight_threat_intelligenceasn
asoautoshunaxurbenkow_cc
bfore_ai_precrimebitdefenderbkavblueliv
caa_recordcaa_ttlcategorycertego
chong_lua_daocins_armycisco_umbrella_rankcluster25
cmc_threat_intelligencecname_recordcname_ttlcollection
commentcomment_authorcommunicating_files_max_detectionscrdf
creation_datecriminal_ipcsis_security_groupcyan
cyblecyradardepthdesenmascara_me
detected_communicating_files_countdetected_downloaded_files_countdetected_referring_files_countdetected_urls_count
dname_recorddname_ttldns8domain
domain_regexdownloaded_files_max_detectionsdr_webemergingthreats
emsisoftenginesermeseset
estsecurityforcepoint_threatseekerfortinetfuzzy_domain
g_datagcp_abuse_intelligencegoogle_safebrowsinggreensnow
gridinsoftgti_scoregti_severitygti_verdict
haveheimdal_securityhunt_io_intelligenceipsum
jarmjuniper_networkskasperskylast_modification_date
last_update_datelioniclumumain_icon_dhash
main_icon_md5majestic_rankmalwaredmalwarepatrol
malwares_com_url_checkermalwareurlmimecastmx_record
mx_ttlnetcraftns_recordns_ttl
openphishpparent_domainpath
phishfortphishing_databasephishlabsphishtank
popularity_rankprebytesprecisionsecquick_heal
qutterareferring_files_max_detectionsregistrarreputation
safetoopensansec_ecomscanscantitanscumware_org
seclookupsecurebrainsecurolyticssnort_ip_sample_list
soa_recordsoa_ttlsocradarsophos
spam404ssl_issuerssl_not_afterssl_not_before
ssl_serialssl_subjectssl_thumbprintstatvoo_rank
stopforumspamsucuri_sitechecktagthreat_actor
threathivethreatsourcingtldtrustwave
ttltxt_recordtxt_ttlunderworld
urlhausurlqueryurls_max_detectionsviettel_threat_intelligence
vipreviribackvx_vaultwebroot
whoiswhois_datexcitium_verdict_cloudyandex_safebrowsing
zerocertzerofox

List of URL modifiers


0xsi_f33dabusixacronisadminuslabs
ailabs_monitorappalienvaultalphamountain_aialphasoc
antiy_avlarcsight_threat_intelligenceasnaso
autoshunaxurbenkow_ccbfore_ai_precrime
bitdefenderbkavbluelivcategory
certegochong_lua_daocins_armycluster25
cmc_threat_intelligencecollectioncommentcomment_author
contacted_domaincontacted_ipcontentcookie
cookie_valuecrdfcriminal_ipcsis_security_group
cyancyblecyradardesenmascara_me
dns8dr_webemergingthreatsemsisoft
enginesermesesetestsecurity
exact_pathextensionfirst_submitterforcepoint_threatseeker
fortinetfsfuzzy_hostnameg_data
gcp_abuse_intelligencegoogle_safebrowsinggreensnowgridinsoft
gti_scoregti_severitygti_verdicthave
headerheader_valueheimdal_securityhostname
hunt_io_intelligenceipipsumjuniper_networks
kasperskylalionicls
lumumain_icon_dhashmain_icon_md5malwared
malwarepatrolmalwares_com_url_checkermalwareurlmax_url_positives
metamimecastnetcraftopenphish
outgoing_linkpparent_domainpassword
pathphishfortphishing_databasephishlabs
phishtankportprebytesprecisionsec
query_fieldquery_valuequick_healquttera
redirects_toreputationresponse_coderesponse_positives
response_sha256response_sizessafetoopen
sansec_ecomscanscantitanschemescumware_org
seclookupsecurebrainsecurolyticssha256
snort_ip_sample_listsocradarsophosspam404
stopforumspamsubmittersucuri_sitechecktag
targeted_brandthreat_actorthreathivethreatsourcing
titletldtrackertrustwave
underworldurlurlhausurlquery
usernameviettel_threat_intelligencevipreviriback
vx_vaultwebrootxcitium_verdict_cloudyandex_safebrowsing
zerocertzerofox

List of Collection modifiers


collection_typereport_type

List of IOC Stream modifiers


dateentity_typeoriginsource_type