VirusTotal Public API

Modified on: Fri, 24 Mar, 2023 at 7:40 AM

Overview

VirusTotal is a service that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content.

It provides as a free service a public API that allows for automation of some of its online features such as upload and scan files, submit and scan URLs, access finished scan reports, and make automatic comments on URLs and samples.

With the VirusTotal Transforms for Maltego, investigators can query the VirusTotal Public API for information about IP Addresses, Hashes, Domains, and URLs directly within Maltego. There is also a paid version of VirusTotal that allows customers to examine any file uploaded to the service.

Kindly note that some restrictions apply for requests made through the public API, such as requiring an individual API key freely obtained by signing up online, low priority scan queue, and limited number of requests.

You can read more about VirusTotal Public API Transforms for Maltego on our website here.

Links

VirusTotal web interface:

https://www.virustotal.com

VirusTotal REST API Documentation:

https://developers.virustotal.com/v3.0/reference

Below, please find a detailed list of all the VirusTotal Public Transforms:

Annotate Domain [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal contains important information, most of which may not be represented as a Maltego Entity. This Transform searches VirusTotal for the given input domain and adds the retrieved information to the input Entity and to its detail view. This is done by generating a new Entity which overwrites the input Entity.

If the given domain is not found, the input Entity is not overwritten.

Transform Meta Info

Display Name	Annotate Domain [VirusTotal Public API]
Transform Name	virustotalpublic.annotateDomain
Short Description	Searches VirusTotal for the input domain, and the returned Entity will overwrite the original if previously analyzed by VirusTotal, adding analysis results to the detail view.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.Domain

Annotate URL [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal contains important information, most of which may not be represented as a Maltego Entity. This Transform searches VirusTotal for the given input URL and adds the retrieved information on the input Entity and the detail view. This is done by generating a new Entity which overwrites the input Entity.

If the given URL is not found, the input Entity is not overwritten.

Transform Meta Info

Display Name	Annotate URL [VirusTotal Public API]
Transform Name	virustotalpublic.annotateUrl
Short Description	Searches VirusTotal for the input Entity, and the returned Entity will overwrite the original if previously analyzed by VirusTotal, adding analysis results to the detail view.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.URL

Annotate Ipv4 Address [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal contains important information, most of which may not be represented as a Maltego Entity. This transform lookups searches VirusTotal for the input IP address and adds the retrieved information on the input entity and the detail view.This is done by generating a new entity which overwrites the input entity.

If the given IP address is not found, the input entity is not overwritten.

Transform Meta Info

Display Name	Annotate Ipv4 Address [VirusTotal Public API]
Transform Name	virustotalpublic.annotateIpv4Address
Short Description	Searches VirusTotal for the input entity, and the returned entity will overwrite the original if previously analysed by VirusTotal, adding analysis results to the detail view
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.IPv4Address

Search VirusTotal [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform will search for the given DNS name in VirusTotal and return a Domain Entity if the DNS name was previously analysed.

Transform Meta Info

Display Name	Search VirusTotal [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToSearchVirustotal
Short Description	Searches VirusTotal for the DNS name, returns a Domain Entity with analysis results in the detail view.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.Domain

Search VirusTotal [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform searches VirusTotal for the input phrase and returns File, URL, Domain, IP Address or Comment Entities matching the given input. Returned Comment Entities represent users comments in VirusTotal.

The input phrase may represent one of the following: * URL * Domain * DNS name * File hash * IP address.

If the input phrase does not represent any of the above, the search will be performed on the comments.

Transform Meta Info

Display Name	Search VirusTotal [VirusTotal Public API]
Transform Name	virustotalpublic.phraseToSearchVirustotal
Short Description	Searches VirusTotal for domains, IP addresses, file hashes, URLs and comments.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Phrase
Output Entity(s)	maltego.IPv4Address, maltego.Domain, maltego.virustotal.File, maltego.virustotal.Comment, maltego.URL

To AS Number [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the AS number for the given IP address as determined by VirusTotal.

Transform Meta Info

Display Name	To AS Number [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToAsNumber
Short Description	Returns the AS number for the given IP Address.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.AS

To Admin Organization [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the WHOIS Entity properties and returns the Admin Organization.

Transform Meta Info

Display Name	To Admin Organization [VirusTotal Public API]
Transform Name	virustotalpublic.whoisToAdminOrganization
Short Description	Returns the whois record admin organization
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.WHOIS
Output Entity(s)	maltego.Organization

To Author [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the author of the given comment.

Transform Meta Info

Display Name	To Author [VirusTotal Public API]
Transform Name	virustotalpublic.commentToAuthor
Short Description	Returns the author of a given comment.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.Comment
Output Entity(s)	maltego.virustotal.User

To Bundled Files [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

During analysis, VirusTotal may notice that multiple files are bundled in a file. This is the case with tarball or ZIP files, and executables that contains a bundled payload.

This Transform returns those files that are bundled within the given file.

Transform Meta Info

Display Name	To Bundled Files [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToBundledFiles
Short Description	Returns the files bundled inside a given file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Categories [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal uses various partners engines to analyze domains. As part of this analysis the domains are assigned different categories such as business, academic, etc.. And this Transform with return the categories as Tag Entities.

Transform Meta Info

Display Name	To Categories [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToCategories
Short Description	Returns category tags for the given domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.virustotal.Tag

To Categories [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal uses various partners engines to analyze domains and DNS names. As part of this analysis the domains are assigned different categories such as business, academic, etc.. And this Transform with return the categories as Tag Entities.

Transform Meta Info

Display Name	To Categories [VirusTotal Public API]
Transform Name	virustotalpublic.domainToCategories
Short Description	Returns category tags for the given DNS name.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.virustotal.Tag

To Categories [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal uses various partners engines to analyze URLs . As part of this analysis the URLs are assigned different categories such as business, academic, etc.. And this Transform with return the categories as Tag Entities.

Transform Meta Info

Display Name	To Categories [VirusTotal Public API]
Transform Name	virustotalpublic.urlToCategories
Short Description	Returns category tags for the given URL.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.Phrase

To Comment Mentions [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns all the comments mentioning the specified user.

Users of VirusTotal can comment on the analyses and objects identifying domains, IP addresses, host names, etc. These comments can mention other users to tag them. This allows us to create a graph where VirusTotal users and objects are connected by comments.

Transform Meta Info

Display Name	To Comment Mentions [VirusTotal Public API]
Transform Name	virustotalpublic.userToCommentMentions
Short Description	Returns the comments mentioning given user.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.User
Output Entity(s)	maltego.virustotal.Comment

To Commented Item [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the VirusTotal object for which the input comment belongs to. It may return either of File, URL, Domain or IP Address Entities.

Transform Meta Info

Display Name	To Commented Item [VirusTotal Public API]
Transform Name	virustotalpublic.commentToVirusTotalItem
Short Description	Returns the item on which the given comment was posted.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.Comment
Output Entity(s)	maltego.virustotal.File,maltego.Domain,maltego.IPv4Address,maltego.URL

To Comments Authored [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns all the comments authored by the given user.

Transform Meta Info

Display Name	To Comments Authored [VirusTotal Public API]
Transform Name	virustotalpublic.userToCommentsAuthored
Short Description	Returns the comments authored by the user.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.User
Output Entity(s)	maltego.virustotal.Comment

To Communicating Files [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal analyses submitted files by running them in various sandboxes and gathers information about the files’ behaviour. This Transform returns the files which were observed to have communicated or attempted to communicate with the given DNS host name.

Transform Meta Info

Display Name	To Communicating Files [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToCommunicatingFiles
Short Description	Returns files communicating with the given DNS name
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.virustotal.File

To Communicating Files [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal analyzes submitted files by running them in various sandboxes and gathers information about the files’ behaviour. This Transform returns the files which were observed to have communicated or attempted to communicate with the given domain name.

Transform Meta Info

Display Name	To Communicating Files [VirusTotal Public API]
Transform Name	virustotalpublic.domainToCommunicatingFiles
Short Description	Returns files communicating with the given domain.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.virustotal.File

To Communicating Files [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

Transform Meta Info

Display Name	To Communicating Files [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToCommunicatingFiles
Short Description	Returns files communicating with the given IP Address.
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.virustotal.File

To Community Comments [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns comments made on the input DNS name.

Transform Meta Info

Display Name	To Community Comments [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToCommunityComments
Short Description	Returns comments on the given DNS name
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.virustotal.Comment

To Community Comments [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns comments made on the input domain.

Users of VirusTotal can comment on the analyzes and objects identifying domains, IP addresses, host names, etc. These comments can mention other users to tag them. This allows us to create a graph where VirusTotal users and objects are connected by comments.

Transform Meta Info

Display Name	To Community Comments [VirusTotal Public API]
Transform Name	virustotalpublic.domainToCommunityComments
Short Description	Returns comments on the given domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.virustotal.Comment

To Community Comments [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns comments made on the input URL.

Transform Meta Info

Display Name	To Community Comments [VirusTotal Public API]
Transform Name	virustotalpublic.urlToCommunityComments
Short Description	Returns comments on the given URL
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.virustotal.Comment

To Community Comments [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the comments made on the input file.

Transform Meta Info

Display Name	To Community Comments [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToCommunityComments
Short Description	Returns the comments on the given file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.Comment

To Community Total Votes [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

In addition to comments VirusTotal allows community users to also vote on objects such as URLs, Domains, Comments, Files and URLs. For example, let us assume VirusTotal scanned the domain maltego.com and it is classified as safe, users can vote to agree or disagree with the analysis.

This Transform returns the votes made by community users on the input file.

Transform Meta Info

Display Name	To Community Total Votes [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToCommunityTotalVotes
Short Description	Returns the votes made by community users on the given file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.Tag

To Contacted Domains [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal analyzes submitted files by running them in various sandboxes and gathers information about the files’ behaviour. This Transform returns the domains contacted by the given file during analyses.

Transform Meta Info

Display Name	To Contacted Domains [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToContactedDomains
Short Description	Returns the domains contacted by the given file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.Domain

To Contacted IP Addresses [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal analyzes submitted files by running them in various sandboxes and gathers information about the files’ behaviour. This Transform returns the IP addresses contacted by the given file during analyses.

Transform Meta Info

Display Name	To Contacted IP Addresses [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToContactedIPAddresses
Short Description	Returns the IP addresses contacted by the given file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.IPv4Address

To Contacted URLs [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal analyses submitted files by running them in various sandboxes and gathers information about the files’ behaviour. This Transform returns the URLs accessed by the given file during analyses.

Transform Meta Info

Display Name	To Contacted URLs [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToContactedURLs
Short Description	Returns the URLs contacted by the given file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.URL

To DNS Resolutions [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform retrieves the DNS records resolved for the IP address during analysis.

Note that the returned DNS records may not be current. This is because VirusTotal captures these during its analysis which may have been done in the past.

Transform Meta Info

Display Name	To DNS Resolutions [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToDnsResolutions
Short Description	Returns the A or AAAA records resolved for this IP Address
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.ARecord, maltego.AAAARecord

To EXIFTool Info [VirusTotal Public API]

Transform Inputs

Not applicable

Description

VirusTotal uses the tool exifinfotool to retrieve metadata about submitted files. This Transform returns the exiftool data as dynamic entity properties.

Transform Meta Info

Display Name	To EXIFTool Info [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToExifToolInfo
Short Description	Returns the available Exif info for the file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.EXIFToolInfo

To Execution Parents [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

VirusTotal analyses submitted files by running them in various sandboxes and gathers information about the files’ behaviour.

This Transform retrieves the execution parents for the given file. Execution parents are files execute the given file. For example: a malware bundled with other files will be one of the execution parents of any of those bundled files.

Transform Meta Info

Display Name	To Execution Parents [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToExecutionParents
Short Description	Returns the files that executed the given file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To File Type [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the FileType property on the input Entity and returns it as a VirusTotal Tag Entity.

Transform Meta Info

Display Name	To File Type [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToFileType
Short Description	Returns the file type
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.Tag

To Filenames [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the names property on the input File Entity and returns them as Phrase Entities.

Transform Meta Info

Display Name	To Filenames [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToNames
Short Description	Returns the file names of the file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.Phrase

To Hash [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the hash properties (md5, sha1, sha256, vhash, authentihash, ssdeep) on the input File Entity and returns them as Hash Entities.

Transform Meta Info

Display Name	To Hash [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToHash
Short Description	Returns the hash of the file
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.Hash

To Historical SSL Certificates [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the historical SSL Certificates observed by VirusTotal for the given DNS name.

Transform Meta Info

Display Name	To Historical SSL Certificates [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToHistoricalSSLCertificates
Short Description	Returns the historical SSL Certificates observed by VirusTotal
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.X509Certificate

To Historical SSL Certificates [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the historical SSL Certificates observed by VirusTotal for the given domain.

Transform Meta Info

Display Name	To Historical SSL Certificates [VirusTotal Public API]
Transform Name	virustotalpublic.domainToHistoricalSSLCertificates
Short Description	Returns the historical SSL Certificates observed by VirusTotal
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.X509Certificate

To Historical SSL [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the historical SSL Certificates observed by VirusTotal for the given IP address.

Transform Meta Info

Display Name	To Historical SSL [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToHistoricalSslCertificate
Short Description	Returns historical SSL certificates observed by VirusTotal
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.X509Certificate

To Historical Whois [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the historical WHOIS information observed by VirusTotal for the given DNS name.

Transform Meta Info

Display Name	To Historical Whois [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToHistoricalWhois
Short Description	Returns historical WHOIS information observed by VirusTotal
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.WHOIS

To Historical Whois [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the historical WHOIS information observed by VirusTotal for the given domain.

Transform Meta Info

Display Name	To Historical Whois [VirusTotal Public API]
Transform Name	virustotalpublic.domainToHistoricalWhois
Short Description	Returns historical WHOIS information observed by VirusTotal
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.WHOIS

To Historical Whois [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the historical WHOIS information observed by VirusTotal for the given IP address.

Transform Meta Info

Display Name	To Historical Whois [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToHistoricalWhois
Short Description	Returns historical WHOIS information observed by VirusTotal
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.WHOIS

To IP Address [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the ipv4-address property on the input Entity and returns it as a Ipv4Address Entity. This is used to transform an ARecord Entity into IPv4Address Entity.

Transform Meta Info

Display Name	To IP Address [VirusTotal Public API]
Transform Name	virustotalpublic.dnsARecordToIpv4Address
Short Description	Returns the IPv4 Address for the A Record
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.ARecord
Output Entity(s)	maltego.IPv4Address

To IP Address [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the ipv6-address property on the input Entity and returns it as a Ipv6Address Entity. This is used to transform an AAARecord Entity into IPv6Address Entity.

Transform Meta Info

Display Name	To IP Address [VirusTotal Public API]
Transform Name	virustotalpublic.dnsAaaaRecordToIpv6Address
Short Description	Returns the IPv6 Address for the AAAA Record
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.AAAARecord
Output Entity(s)	maltego.IPv6Address

To Immediate Parent Domain [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the immediate parent domain for an input DNS name. It may return no results if the DNS name is not yet analysed by VirusTotal.

Transform Meta Info

Display Name	To Immediate Parent Domain [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToImmediateParentDomain
Short Description	Returns the given DNS name’s immediate parent domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.Domain

To Immediate Parent Domain [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the immediate parent domain for an input domain. It may return no results if the given domain is not yet analysed by VirusTotal.

Transform Meta Info

Display Name	To Immediate Parent Domain [VirusTotal Public API]
Transform Name	virustotalpublic.domainToImmediateParentDomain
Short Description	Returns the given domain’s immediate parent
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.Domain

To Last DNS Records [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform retrieves last resolved DNS records for the given DNS name.

Transform Meta Info

Display Name	To Last DNS Records [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToLastDnsRecords
Short Description	Returns the last resolved DNS records
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.DNSName,maltego.NSRecord,maltego.MXRecord,maltego.ARecord,maltego.AAAARecord, maltego.Phrase

To Last DNS Records [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform retrieves last resolved DNS records for the given domain.

Transform Meta Info

Display Name	To Last DNS Records [VirusTotal Public API]
Transform Name	virustotalpublic.domainToLastDnsRecords
Short Description	Returns the last resolved DNS records
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.DNSName,maltego.NSRecord,maltego.MXRecord,maltego.ARecord,maltego.AAAARecord, maltego.Phrase

To Last SSL Certificate [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform retrieves the last seen SSL Certificate on the given DNS name as seen by VirusTotal.

Transform Meta Info

Display Name	To Last SSL Certificate [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToLastSslCertificate
Short Description	Returns the last seen SSL certificate for the DNS name
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.X509Certificate

To Last SSL Certificate [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform retrieves the last seen SSL Certificate for the given domain as seen by VirusTotal.

Transform Meta Info

Display Name	To Last SSL Certificate [VirusTotal Public API]
Transform Name	virustotalpublic.domainToLastSslCertificate
Short Description	Returns the last SSL certificate for the domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.X509Certificate

To Last SSL Certificate [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform retrieves the last seen SSL Certificate on the given IP address as seen by VirusTotal.

Transform Meta Info

Display Name	To Last SSL Certificate [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToLastSslCertificate
Short Description	Returns the last SSL certificate for the IP Address
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.X509Certificate

To Last Serving IP Address [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform retrieves the last IP address that served the given URL.

Transform Meta Info

Display Name	To Last Serving IP Address [VirusTotal Public API]
Transform Name	virustotalpublic.urlToLastServingIpAddress
Short Description	Returns the last IP address that served the URL
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.IPv4Address

To Nameserver [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the WHOIS Entity properties and returns the NS record. NS records are used to link the authoritative Name Servers for a domain in that domain’s registration.

Transform Meta Info

Display Name	To Nameserver [VirusTotal Public API]
Transform Name	virustotalpublic.whoisToNameserver
Short Description	Returns the WHOIS NS records
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.WHOIS
Output Entity(s)	maltego.NSRecord

To Network Location [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform retrieves the last network location that served a given URL. A domain or an IP address Entity will be returned.

Transform Meta Info

Display Name	To Network Location [VirusTotal Public API]
Transform Name	virustotalpublic.urlToNetworkLocation
Short Description	Returns the VirusTotal (Domain or IP address) for the URL
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.IPv4Address, maltego.Domain

To Outgoing Links [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the outgoing links in the page identified by the given URL.

Transform Meta Info

Display Name	To Outgoing Links [VirusTotal Public API]
Transform Name	virustotalpublic.urlToOutgoingLinks
Short Description	Returns the outgoing links found in the URL’s HTML content
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.URL

To PE Resource Parents [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

Portable Executable (PE) files are a common occurance in Malware analysis. These files contain all the needed dependencies (libraries, drivers, etc.) that are needed to execute Malware in a single file. These files may also contain a runtime unpacker which makes them similar to zip files that can unpack the bundled files upon execution.

This Transform retrieves the PE resource parents for the given file. PE resource parents are PE files that contain the given file as a bundled resource.

Transform Meta Info

Display Name	To PE Resource Parents [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToPEResourceParents
Short Description	Returns the PE files containing the given file as a resource
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Parent Domain [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the parent domain for the given input DNS name.

Transform Meta Info

Display Name	To Parent Domain [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToParentDomain
Short Description	Returns the DNS name’s parent domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.Domain

To Parent Domain [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the parent domain for the given input domain.

Transform Meta Info

Display Name	To Parent Domain [VirusTotal Public API]
Transform Name	virustotalpublic.domainToParentDomain
Short Description	Returns the domain’s parent domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.Domain

To Referrer Files [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the files which contain the given DNS name within its strings.

Transform Meta Info

Display Name	To Referrer Files [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToReferrerFiles
Short Description	Returns a list of files containing the given DNS name in its strings
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.virustotal.File

To Referrer Files [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the files which contain the given domain within its strings.

Transform Meta Info

Display Name	To Referrer Files [VirusTotal Public API]
Transform Name	virustotalpublic.domainToReferrerFiles
Short Description	Returns a list of files containing the given domain on its strings
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.virustotal.File

To Referrer Files [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the files which contain the given IP address within its strings.

Transform Meta Info

Display Name	To Referrer Files [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToReferrerFiles
Short Description	Returns a list of files containing the given IP Address on its strings
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.virustotal.File

To Registrant Email [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the WHOIS Entity properties and returns the registrant’s email.

Transform Meta Info

Display Name	To Registrant Email [VirusTotal Public API]
Transform Name	virustotalpublic.whoisToRegistrantEmail
Short Description	Returns the WHOIS record registrant’s email
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.WHOIS
Output Entity(s)	maltego.EmailAddress

To Registrant Name [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the WHOIS Entity properties and returns the registrant’s name.

Transform Meta Info

Display Name	To Registrant Name [VirusTotal Public API]
Transform Name	virustotalpublic.whoisToRegistrantName
Short Description	Returns the WHOIS record registrant name
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.WHOIS
Output Entity(s)	maltego.Alias

To Registrant Organization [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the WHOIS Entity properties and returns the registrant’s organization.

Transform Meta Info

Display Name	To Registrant Organization [VirusTotal Public API]
Transform Name	virustotalpublic.whoisToRegistrantOrg
Short Description	Returns the WHOIS record registrant’s organization
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.WHOIS
Output Entity(s)	maltego.Organization

To Registrant Phone [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the WHOIS Entity properties and returns the registrant’s phone number.

Transform Meta Info

Display Name	To Registrant Phone [VirusTotal Public API]
Transform Name	virustotalpublic.whoisToRegistrantPhone
Short Description	Returns the WHOIS record registrant’s phone number
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.WHOIS
Output Entity(s)	maltego.PhoneNumber

To Registrar URL [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the WHOIS Entity properties and returns the registrar’s URL.

Transform Meta Info

Display Name	To Registrar URL [VirusTotal Public API]
Transform Name	virustotalpublic.whoisToRegistrarURL
Short Description	Returns the WHOIS record registrar’s URL
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.WHOIS
Output Entity(s)	maltego.URL

To Registrar [VirusTotal Public API]

Transform Inputs

Not applicable

Description

This Transform parses the WHOIS Entity properties and returns the registrar.

Transform Meta Info

Display Name	To Registrar [VirusTotal Public API]
Transform Name	virustotalpublic.whoisToRegistrar
Short Description	Returns the WHOIS record registrar
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.WHOIS
Output Entity(s)	maltego.Organization

To Resolved IPs [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the resolved IP addresses for the given DNS name.

Transform Meta Info

Display Name	To Resolved IPs [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToDnsResolutions
Short Description	Returns the resolved IP addresses for the given DNS name
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.IPv4Address, maltego.IPv6Address

To Resolved IPs [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the resolved IP addresses for the given domain.

Transform Meta Info

Display Name	To Resolved IPs [VirusTotal Public API]
Transform Name	virustotalpublic.domainToDnsResolutions
Short Description	Returns the resolved IP addresses for the given domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.IPv4Address

To Screenshots [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns screenshots which were taken during the file analysis.

Transform Meta Info

Display Name	To Screenshots [VirusTotal Public API]
Transform Name	virustotalpublic.virustotalFileToScreenshots
Short Description	Returns the screenshots captured during a file analysis
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.Image

To Siblings [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the domains on the same domain hierarchy level as the given DNS name.

Transform Meta Info

Display Name	To Siblings [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToSiblings
Short Description	Returns the sibling domains of the given DNS name
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.Domain

To Siblings [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the domains on the same domain hierarchy level as the domain.

Transform Meta Info

Display Name	To Siblings [VirusTotal Public API]
Transform Name	virustotalpublic.domainToSiblings
Short Description	Returns the sibling domains of the Internet domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.Domain

To Subdomains [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the sub domains of the input DNS name.

Transform Meta Info

Display Name	To Subdomains [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToSubdomains
Short Description	Returns the subdomains of the DNS name
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.Domain

To Subdomains [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the sub domains of the given domain.

Transform Meta Info

Display Name	To Subdomains [VirusTotal Public API]
Transform Name	virustotalpublic.domainToSubdomains
Short Description	Returns the subdomains of the domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.Domain

To Subnet [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform the subnet to which the given IP address belongs to.

Transform Meta Info

Display Name	To Subnet [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToSubnet
Short Description	Returns the subnet for the IP Address
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.CIDR

To Tags [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the tag classifications assigned to the given DNS name. The tags are determined by VirusTotal depending various factors such as behavior, analysis results, file type, etc.

Transform Meta Info

Display Name	To Tags [VirusTotal Public API]
Transform Name	virustotalpublic.dnsNameToTags
Short Description	Returns the tags assigned to the DNS name
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.virustotal.Tag

To Tags [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

Transform returns the tag classifications assigned to the domain. The tags are determined by VirusTotal depending various factors such as behavior, analysis results, file type, etc.

Transform Meta Info

Display Name	To Tags [VirusTotal Public API]
Transform Name	virustotalpublic.domainToTags
Short Description	Returns the tags assigned to the domain
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.virustotal.Tag

To Tags [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the tag classification assigned to the given IP address. The tags are determined by VirusTotal depending various factors such as behavior, analysis results, file type, etc.

Transform Meta Info

Display Name	To Tags [VirusTotal Public API]
Transform Name	virustotalpublic.ipv4AddressToTags
Short Description	Returns the tags associated with the VirusTotal IP Address
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.virustotal.Tag

To Tags [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the tag classification assigned to the given URL. The tags are determined by VirusTotal depending various factors such as behavior, analysis results, file type, etc.

Transform Meta Info

Display Name	To Tags [VirusTotal Public API]
Transform Name	virustotalpublic.urlToTags
Short Description	Returns the tags associated with a URL
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.virustotal.Tag

To Tracking Code [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns any tracking codes found in the HTML content of at the given URL.

Transform Meta Info

Display Name	To Tracking Code [VirusTotal Public API]
Transform Name	virustotalpublic.urlToTrackingCode
Short Description	Returns the tracking codes found on the page
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.UniqueIdentifier

To VirusTotal File [VirusTotal Public API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform searches VirusTotal for a previously scanned file matching the given hash and returns the matched file.

Transform Meta Info

Display Name	To VirusTotal File [VirusTotal Public API]
Transform Name	virustotalpublic.hashToVirustotalFile
Short Description	Returns the VirusTotal file for a given hash
Data Source	VirusTotal Public API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Hash
Output Entity(s)	maltego.virustotal

Below, please find a detailed list of all the VirusTotal Premium Transforms:

Domains Analysed in Subnet [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform forms a VirusTotal intelligent query based on the given subnet such as entity:domain ip:”0.0.0.0/8” and searches for domains that resolved to any of the IP addresses belonging to the subnet.

Transform Meta Info

Display Name	Domains Analysed in Subnet [VirusTotal Premium API]
Transform Name	virustotalpremium.cidrToAnalysedDomain
Short Description	Returns domains that resolved to IP addresses in the given subnet
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.CIDR
Output Entity(s)	maltego.Domain

Raw Intelligence Search [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform forms a VirusTotal intelligent query based on the raw input such as content:”google.com” and sends a query to the intelligence search endpoint. Any of domains, IP addresses, files, URLs and comments may be returned.

For more information about the VirusTotal intelligence search query syntax, please refer here: https://support.virustotal.com/hc/en-us/articles/360001387057-VirusTotal-Intelligence-Introduction

Transform Meta Info

Display Name	Raw Intelligence Search [VirusTotal Premium API]
Transform Name	virustotalpremium.phraseToRawIntelligenceSearch
Short Description	Searches VirusTotal for domains, IP addresses, files, URLs and comments using the VirusTotal Intelligence query syntax
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Phrase
Output Entity(s)	maltego.IPv4Address,maltego.Domain,maltego.virustotal.File, maltego.virustotal.Comment,maltego.URL

To Analysis Results [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

URLs submitted to VirusTotal are analysed by various engines, each engine will provide a classification result such as Trojan/****. This Transform extracts and returns the analysis result from the analyses done on the URL.

Transform Meta Info

Display Name	To Analysis Results [VirusTotal Premium API]
Transform Name	virustotalpremium.UrlToAnalysisResults
Short Description	Returns the results of analyses done on the URL
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.virustotal.AnalysisResult

To Analysis Results [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

Files submitted to VirusTotal are analyzed by various engines, each engine will provide a classification result such as Trojan/****. This Transform extracts and returns the analysis result from the analyses done on the file.

Transform Meta Info

Display Name	To Analysis Results [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToAnalysisResults
Short Description	Returns the results of analyses done on the file
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.AnalysisResult

To Carbon Black Children [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

The carbonblack_children relationship returns the list of all files derived from a given file according to Carbon Black. CarbonBlack acts like a surveillance camera for end-user PCs, recording downloaded files, spawned processes, files written to disk, etc. CarbonBlack shares its in-the-wild data with VirusTotal.

This Transform retrieves files written to disk by the file according to CarbonBlack.

Transform Meta Info

Display Name	To Carbon Black Children [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToCarbonBlackChildren
Short Description	Returns files derived from the file according to Carbon Black
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Carbon Black Parents [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

The carbonblack_parents relationship returns the list of all files from which a given file was derived according to Carbon Black.

CarbonBlack acts like a surveillance camera for end-user PCs, recording downloaded files, spawned processes, files written to disk, etc. CarbonBlack shares its in-the-wild data with VirusTotal.

This Transform retrieves files that wrote the file under consideration to disk according to CarbonBlack.

Transform Meta Info

Display Name	To Carbon Black Parents [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToCarbonBlackParents
Short Description	Returns files from which a given file was derived according to Carbon Black
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Compressed Parent Files [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns all compressed bundles (which also are file objects) found containing the given file.

Transform Meta Info

Display Name	To Compressed Parent Files [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToCompressedParents
Short Description	Returns compressed files that contain the file
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Contacted Domains [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the domains from which the input URL was found to load resources during analysis of the input URL.

Transform Meta Info

Display Name	To Contacted Domains [VirusTotal Premium API]
Transform Name	virustotalpremium.urlToContactedDomains
Short Description	Returns the domains contacted by the URL
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.Domain

To Contacted IP Addresses [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns the IP addresses from which the input URL was found to load resources during VirusTotal analysis of the input URL.

Transform Meta Info

Display Name	To Contacted IP Addresses [VirusTotal Premium API]
Transform Name	virustotalpremium.urlToContactedIpAddresses
Short Description	Returns the IP Addresses contacted by the URL
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.IPv4Address

To Domains in the Wild [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

1Description

This Transform returns domains observed the wild where the given file was downloaded. In the wild means (seen in other VirusTotal analyses).

Transform Meta Info

Display Name	To Domains in the Wild [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToItwDomains
Short Description	Returns a list of in the wild domain names from which the file has been downloaded
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.Domain

To Download URL [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

If the given file is available for download, a temporary URL for downloading the file is returned. This URL expires after 1 hour.

Transform Meta Info

Display Name	To Download URL [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToDownloadUrl
Short Description	Returns the URL to download the VirusTotal file. Warning, you might be possibly downloading Malware. The URL expires after a 1 hour
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.URL

To Downloaded Files [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns files that were hosted under the given DNS name or any of its subdomains and downloaded by VirusTotal during analysis runs.

Transform Meta Info

Display Name	To Downloaded Files [VirusTotal Premium API]
Transform Name	virustotalpremium.dnsNameToDownloadedFiles
Short Description	Returns files downloaded from the DNS Name
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.virustotal.File

To Downloaded Files [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns files that were hosted under the given domain name or any of its subdomains and downloaded by VirusTotal during analysis runs.

Transform Meta Info

Display Name	To Downloaded Files [VirusTotal Premium API]
Transform Name	virustotalpremium.domainToDownloadedFiles
Short Description	Returns files downloaded from the Internet domain
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.virustotal.File

To Downloaded Files [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns files that were hosted under the given IP address and downloaded by VirusTotal during analysis runs.

Transform Meta Info

Display Name	To Downloaded Files [VirusTotal Premium API]
Transform Name	virustotalpremium.ipv4AddressToDownloadedFiles
Short Description	Returns files downloaded from the IP Address
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.virustotal.File

To DownloadedFiles [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns files that were downloaded from the given URL by VirusTotal during analysis runs.

Transform Meta Info

Display Name	To DownloadedFiles [VirusTotal Premium API]
Transform Name	virustotalpremium.urlToDownloadedFiles
Short Description	Returns the files downloaded from the URL
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.virustotal.File

To Email Attachments [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns all files contained in an email file as attachments. No results are returned if the given input is not an email file.

Transform Meta Info

Display Name	To Email Attachments [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToEmailAttachments
Short Description	Returns files contained in the email file as attachments
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Email Parents [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns all email files containing the given file.

Transform Meta Info

Display Name	To Email Parents [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToEmailParents
Short Description	Returns the email files containing the given file
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Embedded Domains [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

A file may contain domain names within its strings, this Transform returns all domain names embedded in the given file.

Transform Meta Info

Display Name	To Embedded Domains [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToEmbeddedDomains
Short Description	Returns domain names embedded in the given file
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.Domain

To Embedded IP Addresses [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

A file may contains IP addresses within its strings, this Transform returns all IP addresses embedded in a given file.

Transform Meta Info

Display Name	To Embedded IP Addresses [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToEmbeddedIpAddresses
Short Description	Returns IP addresses embedded in a given file
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.IPv4Address

To Files in Ciphered Bundle [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform will lookup files within the given encrypted file.

Transform Meta Info

Display Name	To Files in Ciphered Bundle [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToFilesInCipheredBundle
Short Description	Returns files bundled inside the given encrypted file
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Overlay Parent Files [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns files containing a given file as in their overlay segment. Overlay programming is used by maleware to hide and/or bundle their payload files.

Transform Meta Info

Display Name	To Overlay Parent Files [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToOverlayParents
Short Description	Returns files containing the given file in their overlay
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To PCap Parent Files [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns PCAP network traffic files containing the given file.

Transform Meta Info

Display Name	To PCap Parent Files [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToPcapParentFiles
Short Description	Returns PCap files containing a given file
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To Redirecting URLs [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs that redirected to the given DNS Name.

Transform Meta Info

Display Name	To Redirecting URLs [VirusTotal Premium API]
Transform Name	virustotalpremium.dnsNameToRedirectingUrls
Short Description	Returns URLs that redirected to the given DNS Name
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.URL

To Redirecting URLs [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs that redirected to the given domain.

Transform Meta Info

Display Name	To Redirecting URLs [VirusTotal Premium API]
Transform Name	virustotalpremium.domainToRedirectingUrls
Short Description	Returns URLs that redirected to the given domain
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.URL

To Redirecting URLs [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs that redirected to the given URL.

Transform Meta Info

Display Name	To Redirecting URLs [VirusTotal Premium API]
Transform Name	virustotalpremium.urlToRedirectingUrls
Short Description	Returns URLs that redirected to the given URL
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.URL

To Redirects [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs that were redirected from a URL containing just the given DNS name.

Transform Meta Info

Display Name	To Redirects [VirusTotal Premium API]
Transform Name	virustotalpremium.dnsNameToRedirectsTo
Short Description	Returns URLs a given DNS Name redirected to
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.URL

To Redirects [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs that were redirected from a URL containing just the given domain.

Transform Meta Info

Display Name	To Redirects [VirusTotal Premium API]
Transform Name	virustotalpremium.domainToRedirectsTo
Short Description	Returns URLs a given domain redirected to
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.URL

To Redirects [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs that were redirected from the given URL.

Transform Meta Info

Display Name	To Redirects [VirusTotal Premium API]
Transform Name	virustotalpremium.urlToRedirectsTo
Short Description	Returns URLs a given URL redirected to
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.URL
Output Entity(s)	maltego.URL

To Similar Files [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns files similar to the input file.

Transform Meta Info

Display Name	To Similar Files [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToSimilarFiles
Short Description	Returns a list of similar files to the given file
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.virustotal.File

To URLs Sharing Tracking Code [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform forms an VirusTotal intelligent query in the background to return URLs whose content contains or contained any of the tracking codes contained in the given URL.

Tracking codes are unique identifiers that are usually employed for serving ads and to track a website’s usage patterns. They may of help in grouping related websites.

Transform Meta Info

Display Name	To URLs Sharing Tracking Code [VirusTotal Premium API]
Transform Name	virustotalpremium.trackingCodeToURL
Short Description	Returns URLs sharing the given tracking code
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.UniqueIdentifier
Output Entity(s)	maltego.URL

To URLs [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs containing the given DNS name.

Transform Meta Info

Display Name	To URLs [VirusTotal Premium API]
Transform Name	virustotalpremium.dnsNameToUrls
Short Description	Returns URLs with the input DNS Name
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.DNSName
Output Entity(s)	maltego.URL

To URLs [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs containing the given domain.

Transform Meta Info

Display Name	To URLs [VirusTotal Premium API]
Transform Name	virustotalpremium.domainToUrls
Short Description	Returns URLs with this Internet domain
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.Domain
Output Entity(s)	maltego.URL

To URLs [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs resolving to the given IP address.

Transform Meta Info

Display Name	To URLs [VirusTotal Premium API]
Transform Name	virustotalpremium.ipv4AddressToUrls
Short Description	Returns URLs related to the IP Address
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.IPv4Address
Output Entity(s)	maltego.URL

To URLs in the Wild [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform returns URLs observed in the wild where the file was downloaded. In the wild means (seen in other analyses).

Transform Meta Info

Display Name	To URLs in the Wild [VirusTotal Premium API]
Transform Name	virustotalpremium.virustotalFileToItwURLs
Short Description	Returns a list of in the wild URLs from which the file has been downloaded
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.virustotal.File
Output Entity(s)	maltego.URL

URLs Analysed in Subnet [VirusTotal Premium API]

Transform Inputs

SettingName	Setting type	Default Value	Optional	Popup	Display	Auth
apikey	string		False	False	VirusTotal API Key	True

Description

This Transform forms an VirusTotal intelligent query such as entity:url ip:”0.0.0.0/8” in the background to search for URLs that were previously analysed and resolved to IP addresses belonging to the given subnet.

Transform Meta Info

Display Name	URLs Analysed in Subnet [VirusTotal Premium API]
Transform Name	virustotalpremium.cidrToAnalysedUrl
Short Description	Searches VirusTotal for URLs analysed in the subnet using VirusTotal intelligence query syntax
Data Source	VirusTotal Premium API
Owner	<Maltego Technologies GmbH>
Author	<dev@maltego.com>
Input Entity	maltego.CIDR
Output Entity(s)	maltego.URL