In recent years, cyber attacks have consistently grown in terms of volume, sophistication, coordination, and pervasiveness. Such attacks impose billions of dollars loss to companies and government entities annually. Sharing cyber threat intelligence (CTI) about ongoing attacks can significantly improve the current situation as many cyber attackers tend to reuse or share their network infrastructure, techniques, tactics, and procedures across multiple attacks. Therefore, many security professionals devote their time and effort on hunting cyber threats and sharing such valuable information with the public through public data sharing platforms such as social media and text sharing websites. However, due to the sheer volume of information that is being shared on such platforms; finding CTI information is tantamount to looking for a needle in a haystack. In this paper, we present a new scalable framework, IoCMiner, to automatically extract CTI, in special Indicators of Compromise, from Twitter. It utilizes a combination of graph theory, machine learning, and text mining technique to achieve its goal. IoCMiner relies on a reputation model to discover credible twitterers who publish CTI, and only tracks the tweet stream of such Twitter handles. Moreover, it employs a CTI classifier to further filter out non-CTI tweets from the observed data streams. Finally, IoCs uses a set of regular expression rules to extract IoCs from the identifies tweets. Through experimentation, we show the usefulness of IoCMiner in finding fresh IoCs from Twitter. In the course of four weeks, IoCMiner identified more than 1,200 IoCs, including malicious URLs. Only 10% of the URLs were already listed in public blacklist databases at the time of extraction. The number of URLs that appeared in blacklists increased to 26% after one week.