Full list of Google Threat Intelligence search modifiers

Although we have the most common modifiers documented with description and examples at:

File search modifiers article.
IP Address search modifiers article.
Domain search modifiers article.

In this article you will find the full list of modifiers for each entity:

List of File modifiers
List of IP modifiers
List of Domain modifiers
List of URL modifiers
List of Collection modifiers
List of Reference modifiers
List of IOC Stream modifiers

List of File modifiers


acronisad_awareahnlab_v3alibaba
alyacandroguardandroguard_packageantiy_avl
apexarcabitattack_tacticattack_technique
authentihashavastavast_mobileavg
aviraavwarebabablebaidu
behashbehaviourbehaviour_command_executionsbehaviour_created_processes
behaviour_filesbehaviour_injected_processesbehaviour_networkbehaviour_processes
behaviour_registrybehaviour_servicesbehaviour_tagsbitdam_atp
bitdefenderbitdefenderfalxbitdefenderthetabkav
c2aecapacapability_tagcape
cape_sandboxcat_quickhealclamavclue
cmccodeinsightcollectioncomment
comment_authorcontacted_ipcontentcp
creation_datecrowdsourced_ai_analysiscrowdsourced_ai_verdictcrowdsourced_ids
crowdsourced_yara_rulecrowdstrikecyber_adaptcybereason
cylancecynetcyrendas_security_orcas
deepinstinctdetectiteasydns_lookup_countdocguard
dr_web_vxcubedrwebelasticelf_digest
email_subjectembedded_domainembedded_ipembedded_url
emsisoftendgameenginesep
eset_nod32exportsf_protf_secure
f_secure_sandboxfireeyefirst_submitterfortinet
fsgdatagooglegoresym
gridinsofthavehispasec_ai_analysishispasec_ai_verdict
http_conversation_countikarusimphashimports
invinceaip_traffic_countitwjiangmin
k7antivirusk7gwkasperskykingsoft
lalanglastlinelionic
lsmagicmain_icon_dhashmain_icon_md5
malware_configmalwarebytesmalwationmax
maxsecuremcafeemcafee_gw_editionmetadata
microsoftmicrosoft_sysinternalsmicroworld_escanmin_engines_banker
min_engines_emotetnamenano_antivirusnetguid
nics_ai_analysisnics_ai_verdictnprotectnsfocus_poma
os_x_sandboxppackerpaloalto
pandaqianxin_reddripqihoo_360reaqta_hive
reputationresourcerich_pe_header_hashrising
rising_movesssandbox_namesangfor
sangfor_zsandscan_timeoutscan_unsupportedsecneurx
secondwritesectionsectionmd5segment
sentinelonesha256sigchecksigma_critical
sigma_highsigma_lowsigma_mediumsigma_rule
sigma_rulesetsimilar-tosizeskyhigh
sndboxsophosssdeepsubmitter
subspansuggested_threat_labelsuperantispywaresymantec
symantecmobileinsighttachyontagtehtris
telfhashtencenttencent_habothehacker
threat_actortlshtotaldefensetraffic
trapminetrendmicrotrendmicro_housecalltrid
trustlooktypeusvarist
vba32venuseye_sandboxvhashvipre
viritvirobotvirustotal_androboxvirustotal_box_of_apples
virustotal_cuckooforkvirustotal_droidyvirustotal_jsboxvirustotal_jujubox
virustotal_observervirustotal_r2dboxvmraywebroot
whitearmorxcitiumyandexyomi_hunter
zenboxzenboxzenbox_androidzenbox_linux
zillyazonealarmzonerzscaler

List of IP modifiers


0xsi_f33dabusixacronisadminuslabs
ailabs__monitorapp_alienvaultalphamountain_aialphasoc
antiy_avlarcsight_threat_intelligenceasnaso
autoshunavirabenkow_ccbfore_ai_precrime
bitdefenderbkavbluelivcertego
chong_lua_daocins_armycluster25cmc_threat_intelligence
collectioncommentcomment_authorcommunicating_files_max_detections
continentcountrycrdfcriminal_ip
crowdseccyancyblecyradar
desenmascara_medetected_communicating_files_countdetected_downloaded_files_countdetected_referring_files_count
detected_urls_countdns8domain_resolutions_countdownloaded_files_max_detections
dr_webemergingthreatsemsisoftengines
ermesesetestsecurityforcepoint_threatseeker
fortinetg_datagoogle_safebrowsinggreensnow
haveheimdal_securityipipsum
jarmjuniper_networksk7antiviruskaspersky
last_modification_datelioniclumumalwared
malwarepatrolmalwares_com_url_checkernetcraftopenphish
ppathphishfortphishing_database
phishlabsphishtankprebytesprecisionsec
quick_healqutterareferring_files_max_detectionsregional_internet_registry
reputationsafetoopenscantitanscumware_org
seclookupsecurebrainsecurolyticssegasec
snort_ip_sample_listsocradarsophosspam404
ssl_issuerssl_not_afterssl_not_beforessl_serial
ssl_subjectssl_thumbprintstopforumspamsucuri_sitecheck
tagthreat_actorthreathivethreatsourcing
trustwaveurlhausurlqueryurls_max_detections
viettel_threat_intelligencevipreviribackvx_vault
webrootwhoiswhois_datexcitium_verdict_cloud
yandex_safebrowsingzerocertzvelo

List of Domain modifiers


0xsi_f33da_recorda_ttlaaaa_record
aaaa_ttlabusixacronisadminuslabs
ailabs__monitorapp_alexa_rankalienvaultalphamountain_ai
alphasocantiy_avlarcsight_threat_intelligenceasn
asoautoshunavirabenkow_cc
bfore_ai_precrimebitdefenderbkavblueliv
caa_recordcaa_ttlcategorycertego
chong_lua_daocins_armycisco_umbrella_rankcluster25
cmc_threat_intelligencecname_recordcname_ttlcollection
commentcomment_authorcommunicating_files_max_detectionscrdf
creation_datecriminal_ipcrowdseccyan
cyblecyradardepthdesenmascara_me
detected_communicating_files_countdetected_downloaded_files_countdetected_referring_files_countdetected_urls_count
dname_recorddname_ttldns8domain
domain_regexdownloaded_files_max_detectionsdr_webemergingthreats
emsisoftenginesermeseset
estsecurityforcepoint_threatseekerfortinetfuzzy_domain
g_datagoogle_safebrowsinggreensnowhave
heimdal_securityipsumjarmjuniper_networks
k7antiviruskasperskylast_modification_datelast_update_date
lioniclumumain_icon_dhashmain_icon_md5
majestic_rankmalwaredmalwarepatrolmalwares_com_url_checker
mx_recordmx_ttlnetcraftns_record
ns_ttlopenphishpparent_domain
pathphishfortphishing_databasephishlabs
phishtankpopularity_rankprebytesprecisionsec
quick_healqutterareferring_files_max_detectionsregistrar
reputationsafetoopenscantitanscumware_org
seclookupsecurebrainsecurolyticssegasec
snort_ip_sample_listsoa_recordsoa_ttlsocradar
sophosspam404ssl_issuerssl_not_after
ssl_not_beforessl_serialssl_subjectssl_thumbprint
statvoo_rankstopforumspamsucuri_sitechecktag
threat_actorthreathivethreatsourcingtld
trustwavettltxt_recordtxt_ttl
urlhausurlqueryurls_max_detectionsviettel_threat_intelligence
vipreviribackvx_vaultwebroot
whoiswhois_datexcitium_verdict_cloudyandex_safebrowsing
zerocertzvelo

List of URL modifiers


0xsi_f33dabusixacronisadminuslabs
ailabs__monitorapp_alienvaultalphamountain_aialphasoc
antiy_avlarcsight_threat_intelligenceasnaso
autoshunavirabenkow_ccbfore_ai_precrime
bitdefenderbkavbluelivcategory
certegochong_lua_daocins_armycluster25
cmc_threat_intelligencecollectioncommentcomment_author
contacted_domaincontacted_ipcontentcookie
cookie_valuecrdfcriminal_ipcrowdsec
cyancyblecyradardesenmascara_me
dns8dr_webemergingthreatsemsisoft
enginesermesesetestsecurity
exact_pathextensionfirst_submitterforcepoint_threatseeker
fortinetfsfuzzy_hostnameg_data
google_safebrowsinggreensnowhaveheader
header_valueheimdal_securityhostnameip
ipsumjuniper_networksk7antiviruskaspersky
lalioniclslumu
main_icon_dhashmain_icon_md5malwaredmalwarepatrol
malwares_com_url_checkermax_url_positivesmetanetcraft
openphishoutgoing_linkpparent_domain
passwordpathphishfortphishing_database
phishlabsphishtankportprebytes
precisionsecquery_fieldquery_valuequick_heal
qutteraredirects_toreputationresponse_code
response_positivesresponse_sha256response_sizes
safetoopenscantitanschemescumware_org
seclookupsecurebrainsecurolyticssegasec
sha256snort_ip_sample_listsocradarsophos
spam404stopforumspamsubmittersucuri_sitecheck
tagtargeted_brandthreat_actorthreathive
threatsourcingtitletldtracker
trustwaveurlurlhausurlquery
usernameviettel_threat_intelligencevipreviriback
vx_vaultwebrootxcitium_verdict_cloudyandex_safebrowsing
zerocertzvelo

List of Collection modifiers


capabilitycommentcomment_authorcreation_date
descriptiondetectiondomainsfiles
fshaveipslast_modification_date
lsmalware_rolemerged_actormotivation
nameoperating_systemoriginowner
referencessigma_rulessource_regionsponsor_region
tagtargeted_industrytargeted_industry_grouptargeted_region
threat_actorthreat_actorsthreat_categoryurls
yara_rulesets

List of Reference modifiers


authorcollectionscreation_datedescription
domaindomainsfilesiocs
ip_addresseslast_modification_dateparent_domainsource_region
sponsor_regionsubmittertagtargeted_industry
targeted_regionthreat_actorsthreat_categorytitle
urls

List of IOC Stream modifiers


dateentity_typeoriginsource_type