VirusTotal

Modified on: Tue, 9 Feb, 2021 at 7:27 PM

Overview

Maltego VirusTotal Premium and Public API Transforms bring VirusTotal API integration to Maltego. Using these Transforms you can search, visualize, and analyze the VirusTotal dataset and the links between various Entities such as file hashes, domains, URLs and IP addresses among others.


VirusTotal provides a Public and a Premium API. The Public API is available for free to everyone, whereas the Premium one requires pre-authorization from VirusTotal. Accordingly, we have split our VirusTotal Transforms into two Hub Items:

  • VirusTotal (Public API) - contains VirusTotal Public API Transforms. These are available to all Maltego users.
  • VirusTotal (Premium API) - contains VirusTotal Premium API Transforms. These are available to Classic, XL, and Maltego One users.

The main difference between the two APIs is in the number of requests and usage in commercial workflows.


Please refer to this page to better understand the limits and permissible usage: https://developers.virustotal.com/v3.0/reference#public-vs-premium-api


As part of its Premium API, VirusTotal provides VirusTotal Intelligence to search for files that match certain criteria (hash, antivirus detections, metadata, submission file names, file format, structural properties, file size, etc.). These advanced searches are available through the Raw Intelligence Search Transform in the VirusTotal (Premium API) Hub Item.

All VirusTotal Transforms require an API key, which can be obtained here: https://www.virustotal.com/gui/join-us


Important: If you are using the free API key, your Transform runs are subject to rate-limiting by VirusTotal. Please refer to this page for details on rate-limiting: https://developers.virustotal.com/v3.0/reference#public-vs-premium-api


Note: VirusTotal gathers data by analyzing Internet hosts, domains, URLs, IP addresses and files. This means VirusTotal may not have any information on a given Internet host, domain, URL, IP address or a file if it has not analyzed it already. In some cases, e.g. searching for a domain which has not been analyzed yet, VirusTotal may provide no results immediately, but that domain will be queued for analysis by VirusTotal. Searching for that domain after a while (usually after 5 minutes) could fetch some results.


Links

VirusTotal web interface:

https://www.virustotal.com


VirusTotal REST API Documentation:

https://developers.virustotal.com/v3.0/reference

 

Below, please find a detailed list of all the VirusTotal Public Transforms:


Annotate Domain [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |


Description

VirusTotal contains important information, most of which may not be represented as a Maltego Entity. This Transform searches VirusTotal for the given input domain and adds the retrieved information to the input Entity and to its detail view. This is done by generating a new Entity which overwrites the input Entity.

If the given domain is not found, the input Entity is not overwritten.

 

Transform Meta Info

Display Name

Annotate Domain [VirusTotal Public API]

Transform Name

virustotalpublic.annotateDomain

Short Description

Searches VirusTotal for the input domain, and the returned Entity will overwrite the original if previously analyzed by VirusTotal, adding analysis results to the detail view.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.Domain


Annotate URL [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal contains important information, most of which may not be represented as a Maltego Entity. This Transform searches VirusTotal for the given input URL and adds the retrieved information to the input Entity and to its detail view. This is done by generating a new Entity which overwrites the input Entity.

If the given URL is not found, the input Entity is not overwritten.


Transform Meta Info

Display Name

Annotate URL [VirusTotal Public API]

Transform Name

virustotalpublic.annotateUrl

Short Description

Searches VirusTotal for the input Entity, and the returned Entity will overwrite the original if previously analyzed by VirusTotal, adding analysis results to the detail view.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.URL


Annotate Ipv4 Address  [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal contains important information, most of which may not be represented as a Maltego Entity. This Transform searches VirusTotal for the input IP address and adds the retrieved information to the input Entity and to its detail view. This is done by generating a new Entity which overwrites the input Entity.

If the given IP address is not found, the input entity is not overwritten.


Transform Meta Info

Display Name

Annotate Ipv4 Address  [VirusTotal Public API]

Transform Name

virustotalpublic.annotateIpv4Address

Short Description

Searches VirusTotal for the input entity, and the returned entity will overwrite the original if previously analysed by VirusTotal, adding analysis results to the detail view

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.IPv4Address


Search VirusTotal [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform will search for the given DNS name in VirusTotal and return a Domain Entity if the DNS name was previously analysed.


Transform Meta Info

Display Name

Search VirusTotal [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToSearchVirustotal

Short Description

Searches VirusTotal for the DNS name, returns a Domain Entity with analysis results in the detail view.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.Domain


Search VirusTotal [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform searches VirusTotal for the input phrase and returns File, URL, Domain, IP Address or Comment Entities matching the given input. Returned Comment Entities represent user comments in VirusTotal.

The input phrase may represent one of the following:

  • URL
  • Domain
  • DNS name
  • File hash
  • IP address

If the input phrase does not represent any of the above, the search will be performed on the comments.


Transform Meta Info

Display Name

Search VirusTotal [VirusTotal Public API]

Transform Name

virustotalpublic.phraseToSearchVirustotal

Short Description

Searches VirusTotal for domains, IP addresses, file hashes, URLs and comments.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Phrase

Output Entity(s)

maltego.IPv4Address, maltego.Domain, maltego.virustotal.File, maltego.virustotal.Comment, maltego.URL


To AS Number [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns the AS number for the given IP address as determined by VirusTotal.


Transform Meta Info

Display Name

To AS Number [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToAsNumber

Short Description

Returns the AS number for the given IP Address.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.AS


To Admin Organization [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the WHOIS Entity properties and returns the Admin Organization.


Transform Meta Info

Display Name

To Admin Organization [VirusTotal Public API]

Transform Name

virustotalpublic.whoisToAdminOrganization

Short Description

Returns the whois record admin organization

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.WHOIS

Output Entity(s)

maltego.Organization


To Author [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns the author of the given comment.


Transform Meta Info

Display Name

To Author [VirusTotal Public API]

Transform Name

virustotalpublic.commentToAuthor

Short Description

Returns the author of a given comment.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.Comment

Output Entity(s)

maltego.virustotal.User


To Bundled Files [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

During analysis, VirusTotal may notice that multiple files are bundled in a file. This is the case with tarball or ZIP files, and executables that contain a bundled payload.

This Transform returns those files that are bundled within the given file.


Transform Meta Info

Display Name

To Bundled Files [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToBundledFiles

Short Description

Returns the files bundled inside a given file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Categories [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal uses various partner engines to analyze domains. As part of this analysis, the domains are assigned different categories such as business, academic, etc. This Transform will return the categories as Tag Entities.


Transform Meta Info

Display Name

To Categories [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToCategories

Short Description

Returns category tags for the given domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.virustotal.Tag


To Categories [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal uses various partner engines to analyze domains and DNS names. As part of this analysis, the domains are assigned different categories such as business, academic, etc. This Transform will return the categories as Tag Entities.


Transform Meta Info

Display Name

To Categories [VirusTotal Public API]

Transform Name

virustotalpublic.domainToCategories

Short Description

Returns category tags for the given DNS name.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.virustotal.Tag


To Categories [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal uses various partner engines to analyze URLs. As part of this analysis, the URLs are assigned different categories such as business, academic, etc. This Transform will return the categories as Tag Entities.


Transform Meta Info

Display Name

To Categories [VirusTotal Public API]

Transform Name

virustotalpublic.urlToCategories

Short Description

Returns category tags for the given URL.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.Phrase


To Comment Mentions [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns all the comments mentioning the specified user.

Users of VirusTotal can comment on the analyses and objects identifying domains, IP addresses, host names, etc.  These comments can mention other users to tag them. This allows us to create a graph where VirusTotal users and objects are connected by comments.


Transform Meta Info

Display Name

To Comment Mentions [VirusTotal Public API]

Transform Name

virustotalpublic.userToCommentMentions

Short Description

Returns the comments mentioning given user.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.User

Output Entity(s)

maltego.virustotal.Comment


To Commented Item [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns the VirusTotal object to which the input comment belongs. It may return a File, URL, Domain or IP Address Entity.


Transform Meta Info

Display Name

To Commented Item [VirusTotal Public API]

Transform Name

virustotalpublic.commentToVirusTotalItem

Short Description

Returns the item on which the given comment was posted.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.Comment

Output Entity(s)

maltego.virustotal.File, maltego.Domain, maltego.IPv4Address, maltego.URL


To Comments Authored [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns all the comments authored by the given user.


Transform Meta Info

Display Name

To Comments Authored [VirusTotal Public API]

Transform Name

virustotalpublic.userToCommentsAuthored

Short Description

Returns the comments authored by the user.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.User

Output Entity(s)

maltego.virustotal.Comment


To Communicating Files [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal analyses submitted files by running them in various sandboxes and gathers information about the files’ behaviour.  This Transform returns the files which were observed to have communicated or attempted to communicate with the given DNS host name.


Transform Meta Info

Display Name

To Communicating Files [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToCommunicatingFiles

Short Description

Returns files communicating with the given DNS name

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.virustotal.File


To Communicating Files [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal analyzes submitted files by running them in various sandboxes and gathers information about the files’ behaviour.  This Transform returns the files which were observed to have communicated or attempted to communicate with the given domain name.


Transform Meta Info

Display Name

To Communicating Files [VirusTotal Public API]

Transform Name

virustotalpublic.domainToCommunicatingFiles

Short Description

Returns files communicating with the given domain.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.virustotal.File


To Communicating Files [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal analyzes submitted files by running them in various sandboxes and gathers information about the files’ behaviour.  This Transform returns the files which were observed to have communicated or attempted to communicate with the given IP address.


Transform Meta Info

Display Name

To Communicating Files [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToCommunicatingFiles

Short Description

Returns files communicating with the given IP Address.

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.virustotal.File


To Community Comments [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns comments made on the input DNS name.

Users of VirusTotal can comment on the analyses and objects identifying domains, IP addresses, host names, etc.  These comments can mention other users to tag them. This allows us to create a graph where VirusTotal users and objects are connected by comments.


Transform Meta Info

Display Name

To Community Comments [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToCommunityComments

Short Description

Returns comments on the given DNS name

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.virustotal.Comment


To Community Comments [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns comments made on the input domain.

Users of VirusTotal can comment on the analyses and objects identifying domains, IP addresses, host names, etc. These comments can mention other users to tag them. This allows us to create a graph where VirusTotal users and objects are connected by comments.


Transform Meta Info

Display Name

To Community Comments [VirusTotal Public API]

Transform Name

virustotalpublic.domainToCommunityComments

Short Description

Returns comments on the given domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.virustotal.Comment


To Community Comments [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns comments made on the input URL.

Users of VirusTotal can comment on the analyses and objects identifying domains, IP addresses, host names, etc.  These comments can mention other users to tag them. This allows us to create a graph where VirusTotal users and objects are connected by comments.


Transform Meta Info

Display Name

To Community Comments [VirusTotal Public API]

Transform Name

virustotalpublic.urlToCommunityComments

Short Description

Returns comments on the given URL

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.virustotal.Comment


To Community Comments [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns the comments made on the input file.

Users of VirusTotal can comment on the analyses and objects identifying domains, IP addresses, host names, etc.  These comments can mention other users to tag them. This allows us to create a graph where VirusTotal users and objects are connected by comments.


Transform Meta Info

Display Name

To Community Comments [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToCommunityComments

Short Description

Returns the comments on the given file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.Comment


To Community Total Votes [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

In addition to comments, VirusTotal also allows community users to vote on objects such as URLs, Domains, Comments and Files. For example, if VirusTotal scanned the domain maltego.com and classified it as safe, users can vote to agree or disagree with the analysis.

This Transform returns the votes made by community users on the input file.


Transform Meta Info

Display Name

To Community Total Votes [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToCommunityTotalVotes

Short Description

Returns the votes made by community users on the given file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.Tag


To Contacted Domains [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal analyzes submitted files by running them in various sandboxes and gathers information about the files’ behaviour.  This Transform returns the domains contacted by the given file during analyses.


Transform Meta Info

Display Name

To Contacted Domains [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToContactedDomains

Short Description

Returns the domains contacted by the given file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.Domain


To Contacted IP Addresses [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal analyzes submitted files by running them in various sandboxes and gathers information about the files’ behaviour.  This Transform returns the IP addresses contacted by the given file during analyses.


Transform Meta Info

Display Name

To Contacted IP Addresses [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToContactedIPAddresses

Short Description

Returns the IP addresses contacted by the given file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.IPv4Address


To Contacted URLs [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal analyses submitted files by running them in various sandboxes and gathers information about the files’ behaviour.  This Transform returns the URLs accessed by the given file during analyses.


Transform Meta Info

Display Name

To Contacted URLs [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToContactedURLs

Short Description

Returns the URLs contacted by the given file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.URL


To DNS Resolutions [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform retrieves the DNS records resolved for the IP address during analysis.

Note that the returned DNS records may not be current. This is because VirusTotal captures these during its analysis which may have been done in the past.


Transform Meta Info

Display Name

To DNS Resolutions [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToDnsResolutions

Short Description

Returns the A or AAAA records resolved for this IP Address

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.ARecord, maltego.AAAARecord


To EXIFTool Info [VirusTotal Public API]

Transform Inputs

Not applicable


Description

VirusTotal uses the tool exifinfotool to retrieve metadata about submitted files. This Transform returns the exiftool data as dynamic entity properties.


Transform Meta Info

Display Name

To EXIFTool Info [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToExifToolInfo

Short Description

Returns the available Exif info for the file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.EXIFToolInfo


To Execution Parents [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

VirusTotal analyses submitted files by running them in various sandboxes and gathers information about the files’ behaviour.

This Transform retrieves the execution parents for the given file. Execution parents are files that execute the given file. For example, a malware bundled with other files will be one of the execution parents of any of those bundled files.


Transform Meta Info

Display Name

To Execution Parents [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToExecutionParents

Short Description

Returns the files that executed the given file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To File Type [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the FileType property on the input Entity and returns it as a VirusTotal Tag Entity.


Transform Meta Info

Display Name

To File Type [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToFileType

Short Description

Returns the file type

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.Tag


To Filenames [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the names property on the input File Entity and returns them as Phrase Entities.


Transform Meta Info

Display Name

To Filenames [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToNames

Short Description

Returns the file names of the file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.Phrase


To Hash [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the hash properties (md5, sha1, sha256, vhash, authentihash, ssdeep) on the input File Entity and returns them as Hash Entities.


Transform Meta Info

Display Name

To Hash [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToHash

Short Description

Returns the hash of the file

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.Hash


To Historical SSL Certificates [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns the historical SSL Certificates observed by VirusTotal for the given DNS name.


Transform Meta Info

Display Name

To Historical SSL Certificates [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToHistoricalSSLCertificates

Short Description

Returns the historical SSL Certificates observed by VirusTotal

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.X509Certificate


To Historical SSL Certificates [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns the historical SSL Certificates observed by VirusTotal for the given domain.


Transform Meta Info

Display Name

To Historical SSL Certificates [VirusTotal Public API]

Transform Name

virustotalpublic.domainToHistoricalSSLCertificates

Short Description

Returns the historical SSL Certificates observed by VirusTotal

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.X509Certificate


To Historical SSL [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns the historical SSL Certificates observed by VirusTotal for the given IP address.


Transform Meta Info

Display Name

To Historical SSL [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToHistoricalSslCertificate

Short Description

Returns historical SSL certificates observed by VirusTotal

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.X509Certificate


To Historical Whois [VirusTotal Public API]

Transform Inputs

| SettingName | Setting type | Default Value | Optional | Popup | Display | Auth |
| --- | --- | --- | --- | --- | --- | --- |
| apikey | string | | False | False | VirusTotal API Key | True |

 

Description

This Transform returns the historical WHOIS information observed by VirusTotal for the given DNS name.


Transform Meta Info

Display Name

To Historical Whois [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToHistoricalWhois

Short Description

Returns historical WHOIS information observed by VirusTotal

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.WHOIS


To Historical Whois [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the historical WHOIS information observed by VirusTotal for the given domain.


Transform Meta Info

Display Name

To Historical Whois [VirusTotal Public API]

Transform Name

virustotalpublic.domainToHistoricalWhois

Short Description

Returns historical WHOIS information observed by VirusTotal

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.WHOIS


To Historical Whois [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the historical WHOIS information observed by VirusTotal for the given IP address.


Transform Meta Info

Display Name

To Historical Whois [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToHistoricalWhois

Short Description

Returns historical WHOIS information observed by VirusTotal

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.WHOIS


To IP Address [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the ipv4-address property on the input Entity and returns it as an IPv4Address Entity. This is used to transform an ARecord Entity into an IPv4Address Entity.


Transform Meta Info

Display Name

To IP Address [VirusTotal Public API]

Transform Name

virustotalpublic.dnsARecordToIpv4Address

Short Description

Returns the IPv4 Address for the A Record

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.ARecord

Output Entity(s)

maltego.IPv4Address


To IP Address [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the ipv6-address property on the input Entity and returns it as an IPv6Address Entity. This is used to transform an AAAARecord Entity into an IPv6Address Entity.


Transform Meta Info

Display Name

To IP Address [VirusTotal Public API]

Transform Name

virustotalpublic.dnsAaaaRecordToIpv6Address

Short Description

Returns the IPv6 Address for the AAAA Record

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.AAAARecord

Output Entity(s)

maltego.IPv6Address


To Immediate Parent Domain [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the immediate parent domain for an input DNS name. It may return no results if the DNS name has not yet been analysed by VirusTotal.


Transform Meta Info

Display Name

To Immediate Parent Domain [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToImmediateParentDomain

Short Description

Returns the given DNS name’s immediate parent domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.Domain


To Immediate Parent Domain [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the immediate parent domain for an input domain. It may return no results if the given domain has not yet been analysed by VirusTotal.


Transform Meta Info

Display Name

To Immediate Parent Domain [VirusTotal Public API]

Transform Name

virustotalpublic.domainToImmediateParentDomain

Short Description

Returns the given domain’s immediate parent

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.Domain


To Last DNS Records [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform retrieves the last resolved DNS records for the given DNS name.


Transform Meta Info

Display Name

To Last DNS Records [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToLastDnsRecords

Short Description

Returns the last resolved DNS records

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.DNSName, maltego.NSRecord, maltego.MXRecord, maltego.ARecord, maltego.AAAARecord, maltego.Phrase


To Last DNS Records [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform retrieves the last resolved DNS records for the given domain.


Transform Meta Info

Display Name

To Last DNS Records [VirusTotal Public API]

Transform Name

virustotalpublic.domainToLastDnsRecords

Short Description

Returns the last resolved DNS records

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.DNSName, maltego.NSRecord, maltego.MXRecord, maltego.ARecord, maltego.AAAARecord, maltego.Phrase


To Last SSL Certificate [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform retrieves the last seen SSL Certificate on the given DNS name as seen by VirusTotal.


Transform Meta Info

Display Name

To Last SSL Certificate [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToLastSslCertificate

Short Description

Returns the last seen SSL certificate for the DNS name

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.X509Certificate


To Last SSL Certificate [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform retrieves the last seen SSL Certificate for the given domain as seen by VirusTotal.


Transform Meta Info

Display Name

To Last SSL Certificate [VirusTotal Public API]

Transform Name

virustotalpublic.domainToLastSslCertificate

Short Description

Returns the last SSL certificate for the domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.X509Certificate


To Last SSL Certificate [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform retrieves the last seen SSL Certificate on the given IP address as seen by VirusTotal.


Transform Meta Info

Display Name

To Last SSL Certificate [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToLastSslCertificate

Short Description

Returns the last SSL certificate for the IP Address

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.X509Certificate


To Last Serving IP Address [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform retrieves the last IP address that served the given URL.


Transform Meta Info

Display Name

To Last Serving IP Address [VirusTotal Public API]

Transform Name

virustotalpublic.urlToLastServingIpAddress

Short Description

Returns the last IP address that served the URL

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.IPv4Address


To Nameserver [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the WHOIS Entity properties and returns the NS record. NS records are used to link the authoritative Name Servers for a domain in that domain’s registration.


Transform Meta Info

Display Name

To Nameserver [VirusTotal Public API]

Transform Name

virustotalpublic.whoisToNameserver

Short Description

Returns the WHOIS NS records

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.WHOIS

Output Entity(s)

maltego.NSRecord


To Network Location [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform retrieves the last network location that served a given URL. A domain or an IP address Entity will be returned.


Transform Meta Info

Display Name

To Network Location [VirusTotal Public API]

Transform Name

virustotalpublic.urlToNetworkLocation

Short Description

Returns the VirusTotal (Domain or IP address) for the URL

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.IPv4Address, maltego.Domain


To Outgoing Links [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the outgoing links in the page identified by the given URL.


Transform Meta Info

Display Name

To Outgoing Links [VirusTotal Public API]

Transform Name

virustotalpublic.urlToOutgoingLinks

Short Description

Returns the outgoing links found in the URL’s HTML content

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.URL


To PE Resource Parents [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

Portable Executable (PE) files are a common occurrence in malware analysis. These files bundle all the dependencies (libraries, drivers, etc.) needed to execute malware in a single file. They may also contain a runtime unpacker, which makes them similar to zip files that unpack the bundled files upon execution.

This Transform retrieves the PE resource parents for the given file. PE resource parents are PE files that contain the given file as a bundled resource.


Transform Meta Info

Display Name

To PE Resource Parents [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToPEResourceParents

Short Description

Returns the PE files containing the given file as a resource

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Parent Domain [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the parent domain for the given input DNS name.


Transform Meta Info

Display Name

To Parent Domain [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToParentDomain

Short Description

Returns the DNS name’s parent domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.Domain


To Parent Domain [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the parent domain for the given input domain.


Transform Meta Info

Display Name

To Parent Domain [VirusTotal Public API]

Transform Name

virustotalpublic.domainToParentDomain

Short Description

Returns the domain’s parent domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.Domain


To Referrer Files [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the files which contain the given DNS name within their strings.


Transform Meta Info

Display Name

To Referrer Files [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToReferrerFiles

Short Description

Returns a list of files containing the given DNS name in its strings

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.virustotal.File


To Referrer Files [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the files which contain the given domain within their strings.


Transform Meta Info

Display Name

To Referrer Files [VirusTotal Public API]

Transform Name

virustotalpublic.domainToReferrerFiles

Short Description

Returns a list of files containing the given domain on its strings

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.virustotal.File


To Referrer Files [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the files which contain the given IP address within their strings.


Transform Meta Info

Display Name

To Referrer Files [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToReferrerFiles

Short Description

Returns a list of files containing the given IP Address on its strings

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.virustotal.File


To Registrant Email [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the WHOIS Entity properties and returns the registrant’s email.


Transform Meta Info

Display Name

To Registrant Email [VirusTotal Public API]

Transform Name

virustotalpublic.whoisToRegistrantEmail

Short Description

Returns the WHOIS record registrant’s email

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.WHOIS

Output Entity(s)

maltego.EmailAddress


To Registrant Name [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the WHOIS Entity properties and returns the registrant’s name.


Transform Meta Info

Display Name

To Registrant Name [VirusTotal Public API]

Transform Name

virustotalpublic.whoisToRegistrantName

Short Description

Returns the WHOIS record registrant name

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.WHOIS

Output Entity(s)

maltego.Alias


To Registrant Organization [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the WHOIS Entity properties and returns the registrant’s organization.


Transform Meta Info

Display Name

To Registrant Organization [VirusTotal Public API]

Transform Name

virustotalpublic.whoisToRegistrantOrg

Short Description

Returns the WHOIS record registrant’s organization

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.WHOIS

Output Entity(s)

maltego.Organization


To Registrant Phone [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the WHOIS Entity properties and returns the registrant’s phone number.


Transform Meta Info

Display Name

To Registrant Phone [VirusTotal Public API]

Transform Name

virustotalpublic.whoisToRegistrantPhone

Short Description

Returns the WHOIS record registrant’s phone number

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.WHOIS

Output Entity(s)

maltego.PhoneNumber


To Registrar URL [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the WHOIS Entity properties and returns the registrar’s URL.


Transform Meta Info

Display Name

To Registrar URL [VirusTotal Public API]

Transform Name

virustotalpublic.whoisToRegistrarURL

Short Description

Returns the WHOIS record registrar’s URL

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.WHOIS

Output Entity(s)

maltego.URL


To Registrar [VirusTotal Public API]

Transform Inputs

Not applicable


Description

This Transform parses the WHOIS Entity properties and returns the registrar.


Transform Meta Info

Display Name

To Registrar [VirusTotal Public API]

Transform Name

virustotalpublic.whoisToRegistrar

Short Description

Returns the WHOIS record registrar

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.WHOIS

Output Entity(s)

maltego.Organization


To Resolved IPs [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the resolved IP addresses for the given DNS name.


Transform Meta Info

Display Name

To Resolved IPs [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToDnsResolutions

Short Description

Returns the resolved IP addresses for the given DNS name

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.IPv4Address, maltego.IPv6Address


To Resolved IPs [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the resolved IP addresses for the given domain.


Transform Meta Info

Display Name

To Resolved IPs [VirusTotal Public API]

Transform Name

virustotalpublic.domainToDnsResolutions

Short Description

Returns the resolved IP addresses for the given domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.IPv4Address


To Screenshots [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns screenshots which were taken during the file analysis.


Transform Meta Info

Display Name

To Screenshots [VirusTotal Public API]

Transform Name

virustotalpublic.virustotalFileToScreenshots

Short Description

Returns the screenshots captured during a file analysis

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.Image


To Siblings [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the domains on the same domain hierarchy level as the given DNS name.


Transform Meta Info

Display Name

To Siblings [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToSiblings

Short Description

Returns the sibling domains of the given DNS name

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.Domain


To Siblings [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the domains on the same domain hierarchy level as the given domain.


Transform Meta Info

Display Name

To Siblings [VirusTotal Public API]

Transform Name

virustotalpublic.domainToSiblings

Short Description

Returns the sibling domains of the Internet domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.Domain


To Subdomains [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the subdomains of the input DNS name.


Transform Meta Info

Display Name

To Subdomains [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToSubdomains

Short Description

Returns the subdomains of the DNS name

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.Domain


To Subdomains [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the subdomains of the given domain.


Transform Meta Info

Display Name

To Subdomains [VirusTotal Public API]

Transform Name

virustotalpublic.domainToSubdomains

Short Description

Returns the subdomains of the domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.Domain


To Subnet [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the subnet to which the given IP address belongs.


Transform Meta Info

Display Name

To Subnet [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToSubnet

Short Description

Returns the subnet for the IP Address

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.CIDR


To Tags [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the tag classifications assigned to the given DNS name. The tags are determined by VirusTotal depending on various factors such as behavior, analysis results, file type, etc.


Transform Meta Info

Display Name

To Tags [VirusTotal Public API]

Transform Name

virustotalpublic.dnsNameToTags

Short Description

Returns the tags assigned to the DNS name

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.virustotal.Tag


To Tags [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the tag classifications assigned to the domain. The tags are determined by VirusTotal depending on various factors such as behavior, analysis results, file type, etc.


Transform Meta Info

Display Name

To Tags [VirusTotal Public API]

Transform Name

virustotalpublic.domainToTags

Short Description

Returns the tags assigned to the domain

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.virustotal.Tag


To Tags [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the tag classification assigned to the given IP address. The tags are determined by VirusTotal depending on various factors such as behavior, analysis results, file type, etc.


Transform Meta Info

Display Name

To Tags [VirusTotal Public API]

Transform Name

virustotalpublic.ipv4AddressToTags

Short Description

Returns the tags associated with the VirusTotal IP Address

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.virustotal.Tag


To Tags [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the tag classification assigned to the given URL. The tags are determined by VirusTotal depending on various factors such as behavior, analysis results, file type, etc.


Transform Meta Info

Display Name

To Tags [VirusTotal Public API]

Transform Name

virustotalpublic.urlToTags

Short Description

Returns the tags associated with a URL

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.virustotal.Tag


To Tracking Code [VirusTotal Public API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns any tracking codes found in the HTML content at the given URL.


Transform Meta Info

Display Name

To Tracking Code [VirusTotal Public API]

Transform Name

virustotalpublic.urlToTrackingCode

Short Description

Returns the tracking codes found on the page

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.UniqueIdentifier


To VirusTotal File [VirusTotal Public API]


Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform searches VirusTotal for a previously scanned file matching the given hash and returns the matched file.


Transform Meta Info

Display Name

To VirusTotal File [VirusTotal Public API]

Transform Name

virustotalpublic.hashToVirustotalFile

Short Description

Returns the VirusTotal file for a given hash

Data Source

VirusTotal Public API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Hash

Output Entity(s)

maltego.virustotal



Below, please find a detailed list of all the VirusTotal Premium Transforms:


Domains Analysed in Subnet [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform forms a VirusTotal Intelligence query based on the given subnet, such as entity:domain ip:"0.0.0.0/8", and searches for domains that resolved to any of the IP addresses belonging to the subnet.


Transform Meta Info

Display Name

Domains Analysed in Subnet [VirusTotal Premium API]

Transform Name

virustotalpremium.cidrToAnalysedDomain

Short Description

Returns domains that resolved to IP addresses in the given subnet

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.CIDR

Output Entity(s)

maltego.Domain


Raw Intelligence Search [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform forms a VirusTotal Intelligence query based on the raw input, such as content:"google.com", and sends the query to the intelligence search endpoint. Any of domains, IP addresses, files, URLs and comments may be returned.

For more information about the VirusTotal intelligence search query syntax, please refer here: https://support.virustotal.com/hc/en-us/articles/360001387057-VirusTotal-Intelligence-Introduction


Transform Meta Info

Display Name

Raw Intelligence Search [VirusTotal Premium API]

Transform Name

virustotalpremium.phraseToRawIntelligenceSearch

Short Description

Searches VirusTotal for domains, IP addresses, files, URLs and comments using the VirusTotal Intelligence query syntax

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Phrase

Output Entity(s)

maltego.IPv4Address, maltego.Domain, maltego.virustotal.File, maltego.virustotal.Comment, maltego.URL


To Analysis Results [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

URLs submitted to VirusTotal are analysed by various engines; each engine provides a classification result such as Trojan/****. This Transform extracts and returns the analysis results from the analyses done on the URL.


Transform Meta Info

Display Name

To Analysis Results [VirusTotal Premium API]

Transform Name

virustotalpremium.UrlToAnalysisResults

Short Description

Returns the results of analyses done on the URL

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.virustotal.AnalysisResult


To Analysis Results [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

Files submitted to VirusTotal are analyzed by various engines; each engine provides a classification result such as Trojan/****. This Transform extracts and returns the analysis results from the analyses done on the file.


Transform Meta Info

Display Name

To Analysis Results [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToAnalysisResults

Short Description

Returns the results of analyses done on the file

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.AnalysisResult


To Carbon Black Children [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

The carbonblack_children relationship returns the list of all files derived from a given file according to Carbon Black. Carbon Black acts like a surveillance camera for end-user PCs, recording downloaded files, spawned processes, files written to disk, etc. Carbon Black shares its in-the-wild data with VirusTotal.

This Transform retrieves files written to disk by the file according to Carbon Black.


Transform Meta Info

Display Name

To Carbon Black Children [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToCarbonBlackChildren

Short Description

Returns files derived from the file according to Carbon Black

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Carbon Black Parents [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

The carbonblack_parents relationship returns the list of all files from which a given file was derived according to Carbon Black.

Carbon Black acts like a surveillance camera for end-user PCs, recording downloaded files, spawned processes, files written to disk, etc. Carbon Black shares its in-the-wild data with VirusTotal.

This Transform retrieves the files that wrote the file under consideration to disk, according to Carbon Black.


Transform Meta Info

Display Name

To Carbon Black Parents [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToCarbonBlackParents

Short Description

Returns files from which a given file was derived according to Carbon Black

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Compressed Parent Files [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns all compressed bundles (which are also file objects) found to contain the given file.


Transform Meta Info

Display Name

To Compressed Parent Files [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToCompressedParents

Short Description

Returns compressed files that contain the file

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Contacted Domains [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the domains from which the input URL was found to load resources during analysis of the input URL.


Transform Meta Info

Display Name

To Contacted Domains [VirusTotal Premium API]

Transform Name

virustotalpremium.urlToContactedDomains

Short Description

Returns the domains contacted by the URL

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.Domain


To Contacted IP Addresses [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns the IP addresses from which the input URL was found to load resources during VirusTotal analysis of the input URL.


Transform Meta Info

Display Name

To Contacted IP Addresses [VirusTotal Premium API]

Transform Name

virustotalpremium.urlToContactedIpAddresses

Short Description

Returns the IP Addresses contacted by the URL

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.IPv4Address


To Domains in the Wild [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns domains observed in the wild from which the given file was downloaded. "In the wild" means seen in other VirusTotal analyses.


Transform Meta Info

Display Name

To Domains in the Wild [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToItwDomains

Short Description

Returns a list of in the wild domain names from which the file has been downloaded

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.Domain


To Download URL [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

If the given file is available for download, a temporary URL for downloading the file is returned. This URL expires after 1 hour.


Transform Meta Info

Display Name

To Download URL [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToDownloadUrl

Short Description

Returns the URL to download the VirusTotal file. Warning: you might be downloading malware. The URL expires after 1 hour.

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.URL


To Downloaded Files [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns files that were hosted under the given DNS name or any of its subdomains and downloaded by VirusTotal during analysis runs.


Transform Meta Info

Display Name

To Downloaded Files [VirusTotal Premium API]

Transform Name

virustotalpremium.dnsNameToDownloadedFiles

Short Description

Returns files downloaded from the DNS Name

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.virustotal.File


To Downloaded Files [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns files that were hosted under the given domain name or any of its subdomains and downloaded by VirusTotal during analysis runs.


Transform Meta Info

Display Name

To Downloaded Files [VirusTotal Premium API]

Transform Name

virustotalpremium.domainToDownloadedFiles

Short Description

Returns files downloaded from the Internet domain

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.virustotal.File


To Downloaded Files [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns files that were hosted under the given IP address and downloaded by VirusTotal during analysis runs.


Transform Meta Info

Display Name

To Downloaded Files [VirusTotal Premium API]

Transform Name

virustotalpremium.ipv4AddressToDownloadedFiles

Short Description

Returns files downloaded from the IP Address

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.virustotal.File


To DownloadedFiles [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns files that were downloaded from the given URL by VirusTotal during analysis runs.


Transform Meta Info

Display Name

To DownloadedFiles [VirusTotal Premium API]

Transform Name

virustotalpremium.urlToDownloadedFiles

Short Description

Returns the files downloaded from the URL

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.virustotal.File


To Email Attachments [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns all files contained in an email file as attachments. No results are returned if the given input is not an email file.


Transform Meta Info

Display Name

To Email Attachments [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToEmailAttachments

Short Description

Returns files contained in the email file as attachments

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Email Parents [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns all email files containing the given file.


Transform Meta Info

Display Name

To Email Parents [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToEmailParents

Short Description

Returns the email files containing the given file

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Embedded Domains [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

A file may contain domain names within its strings; this Transform returns all domain names embedded in the given file.


Transform Meta Info

Display Name

To Embedded Domains [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToEmbeddedDomains

Short Description

Returns domain names embedded in the given file

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.Domain


To Embedded IP Addresses [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

A file may contain IP addresses within its strings; this Transform returns all IP addresses embedded in a given file.


Transform Meta Info

Display Name

To Embedded IP Addresses [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToEmbeddedIpAddresses

Short Description

Returns IP addresses embedded in a given file

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.IPv4Address


To Files in Ciphered Bundle [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform looks up files within the given encrypted file.


Transform Meta Info

Display Name

To Files in Ciphered Bundle [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToFilesInCipheredBundle

Short Description

Returns files bundled inside the given encrypted file

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Overlay Parent Files [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns files containing the given file in their overlay segment. Overlay programming is used by malware to hide and/or bundle its payload files.


Transform Meta Info

Display Name

To Overlay Parent Files [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToOverlayParents

Short Description

Returns files containing the given file in their overlay

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To PCap Parent Files [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns PCAP network traffic files containing the given file.


Transform Meta Info

Display Name

To PCap Parent Files [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToPcapParentFiles

Short Description

Returns PCap files containing a given file

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To Redirecting URLs [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs that redirected to the given DNS Name.


Transform Meta Info

Display Name

To Redirecting URLs [VirusTotal Premium API]

Transform Name

virustotalpremium.dnsNameToRedirectingUrls

Short Description

Returns URLs that redirected to the given DNS Name

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.URL


To Redirecting URLs [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs that redirected to the given domain.


Transform Meta Info

Display Name

To Redirecting URLs [VirusTotal Premium API]

Transform Name

virustotalpremium.domainToRedirectingUrls

Short Description

Returns URLs that redirected to the given domain

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.URL


To Redirecting URLs [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs that redirected to the given URL.


Transform Meta Info

Display Name

To Redirecting URLs [VirusTotal Premium API]

Transform Name

virustotalpremium.urlToRedirectingUrls

Short Description

Returns URLs that redirected to the given URL

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.URL


To Redirects [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs that were redirected from a URL containing just the given DNS name.


Transform Meta Info

Display Name

To Redirects [VirusTotal Premium API]

Transform Name

virustotalpremium.dnsNameToRedirectsTo

Short Description

Returns URLs a given DNS Name redirected to

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.URL


To Redirects [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs that were redirected from a URL containing just the given domain.


Transform Meta Info

Display Name

To Redirects [VirusTotal Premium API]

Transform Name

virustotalpremium.domainToRedirectsTo

Short Description

Returns URLs a given domain redirected to

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.URL


To Redirects [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs that were redirected from the given URL.


Transform Meta Info

Display Name

To Redirects [VirusTotal Premium API]

Transform Name

virustotalpremium.urlToRedirectsTo

Short Description

Returns URLs a given URL redirected to

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.URL

Output Entity(s)

maltego.URL


To Similar Files [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns files similar to the input file.


Transform Meta Info

Display Name

To Similar Files [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToSimilarFiles

Short Description

Returns a list of similar files to the given file

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.virustotal.File


To URLs Sharing Tracking Code [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform forms a VirusTotal Intelligence query in the background to return URLs whose content contains or contained any of the tracking codes contained in the given URL.

Tracking codes are unique identifiers that are usually employed for serving ads and to track a website’s usage patterns. They may be of help in grouping related websites.


Transform Meta Info

Display Name

To URLs Sharing Tracking Code [VirusTotal Premium API]

Transform Name

virustotalpremium.trackingCodeToURL

Short Description

Returns URLs sharing the given tracking code

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.UniqueIdentifier

Output Entity(s)

maltego.URL


To URLs [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs containing the given DNS name.


Transform Meta Info

Display Name

To URLs [VirusTotal Premium API]

Transform Name

virustotalpremium.dnsNameToUrls

Short Description

Returns URLs with the input DNS Name

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.DNSName

Output Entity(s)

maltego.URL


To URLs [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs containing the given domain.


Transform Meta Info

Display Name

To URLs [VirusTotal Premium API]

Transform Name

virustotalpremium.domainToUrls

Short Description

Returns URLs with this Internet domain

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.Domain

Output Entity(s)

maltego.URL


To URLs [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs resolving to the given IP address.


Transform Meta Info

Display Name

To URLs [VirusTotal Premium API]

Transform Name

virustotalpremium.ipv4AddressToUrls

Short Description

Returns URLs related to the IP Address

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.IPv4Address

Output Entity(s)

maltego.URL


To URLs in the Wild [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform returns URLs observed in the wild from which the file was downloaded. "In the wild" means seen in other analyses.


Transform Meta Info

Display Name

To URLs in the Wild [VirusTotal Premium API]

Transform Name

virustotalpremium.virustotalFileToItwURLs

Short Description

Returns a list of in the wild URLs from which the file has been downloaded

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.virustotal.File

Output Entity(s)

maltego.URL


URLs Analysed in Subnet [VirusTotal Premium API]

Transform Inputs

SettingName

Setting type

Default Value

Optional

Popup

Display

Auth

apikey

string

 

False

False

VirusTotal API Key

True

 

Description

This Transform forms a VirusTotal Intelligence query such as entity:url ip:"0.0.0.0/8" in the background to search for URLs that were previously analysed and resolved to IP addresses belonging to the given subnet.


Transform Meta Info

Display Name

URLs Analysed in Subnet [VirusTotal Premium API]

Transform Name

virustotalpremium.cidrToAnalysedUrl

Short Description

Searches VirusTotal for URLs analysed in the subnet using VirusTotal intelligence query syntax

Data Source

VirusTotal Premium API

Owner

<Maltego Technologies GmbH>

Author

<dev@maltego.com>

Input Entity

maltego.CIDR

Output Entity(s)

maltego.URL

 

