Overview
Threat Crowd is part of an open Threat Intelligence community which permits global collaboration and sharing of cyber threats. Users share IP addresses or websites from which attacks have originated, or, look up specific threats to see if anyone in the intelligence community has provided information about them and determined them to be malicious.
Query ThreatCrowd for Malware, Passive DNS and historical Whois data.
To read more click here.
ThreatCrowd Transforms
ThreatCrowdEnrichIP
Description
Returns domains and IP addresses that connect to the IP address.
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | ThreatCrowdEnrichIP |
| Owner | Chris Doman |
| Author | threatcrowd@gmail.com |
| Data Source | |
| Transform Name | ThreatCrowdEnrichIP |
| Input Entities | maltego.IPv4Address |
| Output Entities | Phrase |
| Short Description | Returns domains and IP addresses that connect to the IP address. |
ThreatCrowdEnrichDomain
Description
Returns IP addresses and malware that connect to the domain.
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | ThreatCrowdEnrichDomain |
| Owner | Chris Doman |
| Author | threatcrowd@gmail.com |
| Data Source | |
| Transform Name | ThreatCrowdEnrichDomain |
| Input Entities | maltego.Domain |
| Output Entities | Phrase |
| Short Description | Returns IP addresses and malware that connect to the domain. |
ThreatCrowdEnrichEmail
Description
Returns domains that are registered to the e-mail address.
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | ThreatCrowdEnrichEmail |
| Owner | Chris Doman |
| Author | threatcrowd@gmail.com |
| Data Source | |
| Transform Name | ThreatCrowdEnrichEmail |
| Input Entities | maltego.EmailAddress |
| Output Entities | Phrase |
| Short Description | Returns domains that are registered to the e-mail address. |
ThreatCrowdEnrichMalwareName
Description
Enriches a malware detection, for example \\"PoisonIvy\", to MD5s matching the detection.
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | ThreatCrowdEnrichMalwareName |
| Owner | Chris Doman |
| Author | threatcrowd@gmail.com |
| Data Source | |
| Transform Name | ThreatCrowdEnrichMalwareName |
| Input Entities | maltego.Phrase |
| Output Entities | Phrase |
| Short Description | Enriches a malware detection, for example \\"PoisonIvy\", to MD5s matching the detection. |
ThreatCrowdEnrichMD5
Description
Returns domains and IP addresses that malware matching the MD5 hash beacon to.
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | ThreatCrowdEnrichMD5 |
| Owner | Chris Doman |
| Author | threatcrowd@gmail.com |
| Data Source | |
| Transform Name | ThreatCrowdEnrichMD5 |
| Input Entities | maltego.Hash |
| Output Entities | Phrase |
| Short Description | Returns domains and IP addresses that malware matching the MD5 hash beacon to. |