Mimir – Smart OSINT Collection Of Common IOC Types

Smart OSINT collection of common IOC types.

This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes.
The project is named after Mimir, a figure in Norse mythology renowned for his knowledge and wisdom. The application aims to give you knowledge about IOCs plus some added “wisdom”: it calculates a risk score per IOC, assigns a common malware family name to hash lookups based on reports from VirusTotal and OPSWAT, and leverages machine learning tools to determine whether an IP, URL, or domain is likely to be malicious.
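
As an added illustration (not Mimir's own code), the Python below shows one way a collector could sort raw input into the four accepted IOC types before dispatching lookups, including indicators that arrive defanged. The function names, the defanging rules handled, and the sample values are assumptions constructed for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest lengths for the hash algorithms most often seen in IOC feeds.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
# Hostname: dot-separated labels, no leading/trailing hyphen, alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def refang(value: str) -> str:
    """Undo common defanging (hxxp, [.], (.), [dot], [:]) used when sharing IOCs."""
    value = value.strip()
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    value = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", value, flags=re.IGNORECASE)
    return value.replace("[://]", "://").replace("[:]", ":")


def classify_ioc(raw: str):
    """Return (ioc_type, normalized_value); ioc_type is 'unknown' if nothing fits."""
    value = refang(raw)
    lowered = value.lower()
    if re.fullmatch(r"[0-9a-f]+", lowered) and len(lowered) in HASH_LENGTHS:
        return HASH_LENGTHS[len(lowered)], lowered
    try:
        return "ip", str(ipaddress.ip_address(value))  # IPv4 and IPv6
    except ValueError:
        pass
    if "://" in value:
        try:
            parts = urlsplit(value)
        except ValueError:  # e.g. malformed bracketed IPv6 host
            return "unknown", value
        if parts.scheme.lower() in ("http", "https", "ftp") and parts.hostname:
            return "url", value
        return "unknown", value
    host = lowered.rstrip(".")  # tolerate a fully qualified trailing dot
    if DOMAIN_RE.match(host):
        return "domain", host
    return "unknown", value


if __name__ == "__main__":
    # Constructed sample inputs (documentation ranges and example domains).
    for sample in ("hxxp://example[.]com/login.php", "198.51.100[.]7", "Example[.]ORG."):
        print(sample, "->", classify_ioc(sample))
```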

Base Collection
For network-based IOCs, Mimir gathers basic information including:

  • Whois
  • ASN
  • Geolocation
  • Reverse DNS
  • Passive DNS

Collection Sources
Some of these sources require an API key, which is occasionally available only with a paid account. I’ve tried to limit reliance on paid services as much as possible.

  • PassiveTotal
  • VirusTotal
  • DomainTools
  • Google SafeBrowsing
  • Shodan
  • PulseDive
  • URLscan
  • HpHosts
  • Blacklist checks
  • Spam blacklist checks

Risk Scoring
The risk scoring works best when Mimir can gather a decent number of data points for an IOC, such as pDNS and well-populated URL/domain results (communicating samples, associated samples, recent scan data, etc.). It also takes into account the ML maliciousness prediction result.

Machine Learning Predictions
The machine learning prediction results come from the CSIRT Gadgets projects csirtg-domainsml-py, csirtg-ipsml-py, and csirtg-urlsml-py.

Mimir can output results in several ways, including local file reports or export to an external service.

  • stdout (console output) 
    • normalizes result data, printed with headers and subheaders per module
  • JSON file 
    • beautified output to local file
  • Excel 
    • uses multiple sheets per IOC type
  • MISP 
    • commit new indicators
  • ThreatConnect 
    • commit new indicators with confidence and threat ratings (optionally assign tags, a description, and a TLP setting)

Download Mimir

