Documentation Home Maltego Academy Maltego Blog Contact Us
Welcome
Login
Open navigation

VirusTotal Premium API

Modified on: Wed, 28 Aug, 2024 at 6:39 PM

Overview

VirusTotal provides a service to analyze files and URLs for viruses, worms, trojans, and other kinds of malicious content. It is one of the most renowned and best-rated data sources within the cybersecurity sphere, particularly when it comes to malware research.

Upon submitting a file or URL, basic results are shared with the submitter and between the examining partners who use results to improve their own systems. It inspects items with over 70 antivirus scanners and URL/domain blacklisting services in addition to a myriad of tools to extract signals from the studied content.


This core analysis is also the basis for several other features, including the VirusTotal Community: A network that allows users to comment on files and URLs and share notes with each other. VirusTotal can be useful in detecting malicious content and also in identifying false positives—Normal and harmless items detected as malicious by one or more scanners.

Through collaboration between members of the antivirus industry, researchers, and end-users of all kinds, VirusTotal has built a database of over two billion analyzed files thus filling a gap for many companies which experience a lack of resources to collect their own malware samples and related indicators of compromise (IOCs). 


More information on the VirusTotal APIs can be found here . 


The Premium API has many advantages over the Public API such as: 

  • A strict Service License Agreement (SLA) that guarantees availability and readiness of data 
  • Has more endpoints (similarity search, clustering, behavioral information, etc.), and returns richer information for the items looked up, exposes whitelisting, and trusted source information 
  • Allows you to choose a request rate and daily quota allowance that best suits your needs 

VirusTotal Premium API use case in Maltego

 

You can read more about VirusTotal Premium API Transforms on Maltego's website here.

VirusTotal (Premium API): VirusTotal Premium API Transforms

To Redirecting URLs [VirusTotal Premium API]

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Redirecting URLs [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Output Entitiesmaltego.URL

Variants

Transform NameShort DescriptionInput Entities
virustotalpremium.urlToRedirectingUrlsReturns URLs that redirected to the given URLmaltego.URL
virustotalpremium.dnsNameToRedirectingUrlsReturns URLs that redirected to the given DNS Namemaltego.DNSName
virustotalpremium.domainToRedirectingUrlsReturns URLs that redirected to the given domainmaltego.Domain

To Contacted Domains [VirusTotal Premium API]

Description

Returns the domains contacted by the URL

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Contacted Domains [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.urlToContactedDomains
Short DescriptionReturns the domains contacted by the URL
Input Entitiesmaltego.URL
Output Entitiesmaltego.Domain

To VirusTotal File [VirusTotal Premium API]

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
antivirusLabelContainsAntivirus Label Containsstring TrueTrueFalse
apikeyVirusTotal API Keystring TrueTrueTrue
behaviourReportContainsBehaviour Report Containsstring TrueTrueFalse
downloadedFromDownloaded Fromstring TrueTrueFalse
fileMetadataContainsFile Metadata Containsstring TrueTrueFalse
fileNameFile Namestring TrueTrueFalse
fileSignatureContainsFile Signature Containsstring TrueTrueFalse
fileTypeFile Typestring TrueTrueFalse
lastSeenAfterLast Seen Afterdatetime TrueTrueFalse
lastSeenBeforeLast Seen Beforedate TrueTrueFalse
maxFileSizeKbMaximum File Size (KB)string TrueTrueFalse
minDetectionsMinimum Detectionsstring TrueTrueFalse
minFileSizeKbMinimum File Size (KB)string TrueTrueFalse
minimumTimesSubmittedMinimum Times Submittedstring TrueTrueFalse
minimumUniqueSourcesMinimum Unique Sourcesstring TrueTrueFalse
tagsTagsstring TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo VirusTotal File [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Output Entitiesmaltego.virustotal.File

Variants

Transform NameShort DescriptionInput Entities
virustotalpremium.yaraRuleToVirusTotalFileReturns the files that contain this YARA rule.maltego.virustotal.YaraRule
virustotalpremium.sigmaRuleToVirusTotalFileReturns the files that contain this Sigma rule.maltego.virustotal.SigmaRule
virustotalpremium.idsRuleToVirusTotalFileReturns the destination port that the IDS rule defines.maltego.virustotal.IdsRule

To Redirects [VirusTotal Premium API]

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Redirects [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Output Entitiesmaltego.URL

Variants

Transform NameShort DescriptionInput Entities
virustotalpremium.domainToRedirectsToReturns URLs a given domain redirects tomaltego.Domain
virustotalpremium.urlToRedirectsToReturns URLs a given URL redirects tomaltego.URL
virustotalpremium.dnsNameToRedirectsToReturns URLs a given DNS Name redirects tomaltego.DNSName

To Carbon Black Children [VirusTotal Premium API]

Description

Returns files derived from the file according to Carbon Black

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Carbon Black Children [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToCarbonBlackChildren
Short DescriptionReturns files derived from the file according to Carbon Black
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

To Download URL [VirusTotal Premium API]

Description

Returns the URL to download the VirusTotal file. Warning, you might be possibly downloading Malware. The URL expires after a 1 hour

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Download URL [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToDownloadUrl
Short DescriptionReturns the URL to download the VirusTotal file. Warning, you might be possibly downloading Malware. The URL expires after a 1 hour
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.URL

To Sigma Rules [VirusTotal Premium API]

Description

Returns sigma rules for a file.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Sigma Rules [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToSigmaRules
Short DescriptionReturns sigma rules for a file.
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.SigmaRule

To DownloadedFiles [VirusTotal Premium API]

Description

Returns the files downloaded from the URL

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo DownloadedFiles [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.urlToDownloadedFiles
Short DescriptionReturns the files downloaded from the URL
Input Entitiesmaltego.URL
Output Entitiesmaltego.virustotal.File

To Destination Port [VirusTotal Premium API]

Description

Returns the destination port that the IDS rule defines.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Destination Port [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.idsRuleToDestinationPort
Short DescriptionReturns the destination port that the IDS rule defines.
Input Entitiesmaltego.virustotal.IdsRule
Output Entitiesmaltego.Port

To Embedded Domains [VirusTotal Premium API]

Description

Returns domain names embedded in a given file

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Embedded Domains [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToEmbeddedDomains
Short DescriptionReturns domain names embedded in a given file
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.Domain

To Files in Ciphered Bundle [VirusTotal Premium API]

Description

Returns files bundled inside a given file with a password

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Files in Ciphered Bundle [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToFilesInCipheredBundle
Short DescriptionReturns files bundled inside a given file with a password
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

To Overlay Parent Files [VirusTotal Premium API]

Description

Returns files containing a given file as an overlay

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Overlay Parent Files [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToOverlayParents
Short DescriptionReturns files containing a given file as an overlay
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

To Similar Domains [VirusTotal Premium API]

Description

Returns domains with similar names.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Similar Domains [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.domainToFuzzyDomains
Short DescriptionReturns domains with similar names.
Input Entitiesmaltego.Domain
Output Entitiesmaltego.Domain

To Downloaded Files [VirusTotal Premium API]

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Downloaded Files [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Output Entitiesmaltego.virustotal.File

Variants

Transform NameShort DescriptionInput Entities
virustotalpremium.domainToDownloadedFilesReturns files downloaded from the Internet domainmaltego.Domain
virustotalpremium.ipv4AddressToDownloadedFilesReturns files downloaded from the IP Addressmaltego.IPv4Address
virustotalpremium.dnsNameToDownloadedFilesReturns files downloaded from the DNS Namemaltego.DNSName

To Embedded IP Addresses [VirusTotal Premium API]

Description

Returns IP addresses embedded in a given file

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Embedded IP Addresses [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToEmbeddedIpAddresses
Short DescriptionReturns IP addresses embedded in a given file
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.IPv4Address

To Domains [VirusTotal Premium API]

Description

Returns similarly configured domains.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Domains [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpublic.jarmFingerprintToDomains
Short DescriptionReturns similarly configured domains.
Input Entitiesmaltego.Hash
Output Entitiesmaltego.Domain

To PCap Parent Files [VirusTotal Premium API]

Description

Returns PCap files containing a given file

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo PCap Parent Files [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToPcapParentFiles
Short DescriptionReturns PCap files containing a given file
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

Domains Analysed in Subnet [VirusTotal Premium API]

Description

Searches VirusTotal for domains analysed in the subnet using VirusTotal intelligence query syntax

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameDomains Analysed in Subnet [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.cidrToAnalysedDomain
Short DescriptionSearches VirusTotal for domains analysed in the subnet using VirusTotal intelligence query syntax
Input Entitiesmaltego.CIDR
Output Entitiesmaltego.Domain

To YARA Rules [VirusTotal Premium API]

Description

Returns YARA rules for a file.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo YARA Rules [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToYaraRules
Short DescriptionReturns YARA rules for a file.
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.YaraRule

To URLs [VirusTotal Premium API]

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo URLs [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Output Entitiesmaltego.URL

Variants

Transform NameShort DescriptionInput Entities
virustotalpremium.dnsNameToUrlsReturns URLs with the input DNS Namemaltego.DNSName
virustotalpremium.domainToUrlsReturns URLs with this Internet domainmaltego.Domain
virustotalpremium.ipv4AddressToUrlsReturns URLs related to the IP Addressmaltego.IPv4Address

To Compressed Parent Files [VirusTotal Premium API]

Description

Returns compressed files that contain the file

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Compressed Parent Files [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToCompressedParents
Short DescriptionReturns compressed files that contain the file
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

To Email Attachments [VirusTotal Premium API]

Description

Returns files contained in an email file as attachments

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Email Attachments [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToEmailAttachments
Short DescriptionReturns files contained in an email file as attachments
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

To URLs Sharing Tracking Code [VirusTotal Premium API]

Description

Returns URLs sharing the given tracking code

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo URLs Sharing Tracking Code [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.trackingCodeToURL
Short DescriptionReturns URLs sharing the given tracking code
Input Entitiesmaltego.UniqueIdentifier
Output Entitiesmaltego.URL

To VirusTotal Files [VirusTotal Premium API]

Description

Searches VirusTotal for files tagged with a specific Common Vulnerability and Exposure (CVE).

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo VirusTotal Files [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.cveToVirustotalFiles
Short DescriptionSearches VirusTotal for files tagged with a specific Common Vulnerability and Exposure (CVE).
Input Entitiesmaltego.CVE
Output Entitiesmaltego.File

To IDS Rules [VirusTotal Premium API]

Description

Returns IDS rules for a file.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo IDS Rules [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToIdsRules
Short DescriptionReturns IDS rules for a file.
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.IdsRule

To Email Parents [VirusTotal Premium API]

Description

Returns the email files containing a given file

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Email Parents [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToEmailParents
Short DescriptionReturns the email files containing a given file
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

Raw Intelligence Search [VirusTotal Premium API]

Description

Searches VirusTotal for domains, IP addresses, files, URLs and comments using the VirusTotal Intelligence query syntax

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameRaw Intelligence Search [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.phraseToRawIntelligenceSearch
Short DescriptionSearches VirusTotal for domains, IP addresses, files, URLs and comments using the VirusTotal Intelligence query syntax
Input Entitiesmaltego.Phrase
Output Entitiesmaltego.IPv4Address,maltego.Domain,maltego.virustotal.File, maltego.virustotal.Comment,maltego.URL

To Contacted IP Addresses [VirusTotal Premium API]

Description

Returns the IP Addresses contacted by the URL

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Contacted IP Addresses [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.urlToContactedIpAddresses
Short DescriptionReturns the IP Addresses contacted by the URL
Input Entitiesmaltego.URL
Output Entitiesmaltego.IPv4Address

To Analysis Results [VirusTotal Premium API]

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Analysis Results [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Output Entitiesmaltego.virustotal.AnalysisResult

Variants

Transform NameShort DescriptionInput Entities
virustotalpremium.virustotalFileToAnalysisResultsReturns the results of analyses done on the filemaltego.virustotal.File
virustotalpremium.UrlToAnalysisResultsReturns the results of analyses done on the urlmaltego.URL

URLs Analysed in Subnet [VirusTotal Premium API]

Description

Searches VirusTotal for URLs analysed in the subnet using VirusTotal intelligence query syntax

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameURLs Analysed in Subnet [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.cidrToAnalysedUrl
Short DescriptionSearches VirusTotal for URLs analysed in the subnet using VirusTotal intelligence query syntax
Input Entitiesmaltego.CIDR
Output Entitiesmaltego.URL

To JARM Fingerprint [VirusTotal Premium API]

Description

Returns the JARM fingerprint of the domain.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo JARM Fingerprint [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.domainToJarmFingerprint
Short DescriptionReturns the JARM fingerprint of the domain.
Input Entitiesmaltego.Domain
Output Entitiesmaltego.Hash

To URLs in the Wild [VirusTotal Premium API]

Description

Returns a list of in the wild URLs from which the file has been downloaded

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo URLs in the Wild [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToItwURLs
Short DescriptionReturns a list of in the wild URLs from which the file has been downloaded
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.URL

To Similar Files [VirusTotal Premium API]

Description

Returns a list of similar files to a given one

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Similar Files [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToSimilarFiles
Short DescriptionReturns a list of similar files to a given one
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

To Carbon Black Parents [VirusTotal Premium API]

Description

Returns files from which a given file was derived according to Carbon Black

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Carbon Black Parents [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToCarbonBlackParents
Short DescriptionReturns files from which a given file was derived according to Carbon Black
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.virustotal.File

To Domains in the Wild [VirusTotal Premium API]

Description

Returns a list of in the wild domain names from which the file has been downloaded

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Domains in the Wild [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.virustotalFileToItwDomains
Short DescriptionReturns a list of in the wild domain names from which the file has been downloaded
Input Entitiesmaltego.virustotal.File
Output Entitiesmaltego.Domain

To Source Port [VirusTotal Premium API]

Description

Returns the source port that the IDS rule defines.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
apikeyVirusTotal API Keystring TrueTrueTrue

Transform Meta Info

InformationValue
Display NameTo Source Port [VirusTotal Premium API]
Owner 
AuthorMaltego
Data SourceVirusTotal Premium API
Transform Namevirustotalpremium.idsRuleToSourcePort
Short DescriptionReturns the source port that the IDS rule defines.
Input Entitiesmaltego.virustotal.IdsRule
Output Entitiesmaltego.Port


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Search all Maltego Guides:

Interested? Get your free demo
Questions? Contact us

© 2024 by Maltego Technologies.