You have been redirected from is the new home for all information regarding Maltego products. Read more about this in a message from the Paterva team and in this blog post and FAQ. close

Webinar | Mapping Threat Landscape of Advanced APTs with Maltego and RiskIQ PassiveTotal

While fighting against malicious groups, identifying threat landscape and mapping attack network are often crucial for investigators to hunt down threats and criminals as well as organizations to protect themselves from attacks.

About RiskIQ PassiveTotal Data 🔗︎

With RiskIQ PassivTotal Transforms in Maltego, investigators can study the SSL certificates, associated IP addresses, and other infrastructure intelligence that help them identify patterns of criminal activities. It is a powerful resource for threat intelligence teams, security analysts, and researchers or investigators alike working in cyber security.

Access to RiskIQ PassiveTotal Data in Maltego 🔗︎

You can access the RiskIQ PassiveTotal Hub item in Maltego by participating in a free trial with limited query numbers. For full solution, a commercial Maltego license and PassiveTotal API license are required.

For more information on the free trial and full solution, please see our Transform Hub detail page here .

RiskIQ Maltego webinar screenshot

Webinar | Using RiskIQ PassiveTotal Transforms to Track Advanced APT Groups 🔗︎

This webinar demonstrates how RiskIQ PassiveTotal and its integration with Maltego help researchers and analysts identify and visualize relationships in attacker infrastructure. By tapping into the internet intelligence graph and visualizing its connections, even advanced, well-funded APTs can’t hide for long.

Experts from RiskIQ and Maltego will take a close look at their activities since 2017 and analyze how the cyber espionage APT group, OceanLotus, carried our their attacks and compromised dozens of webpages. We deep dive into how RiskIQ broke down their infrastructure by looking at SSL certificates, related domains, IP addresses, and activity timeframes.

Who is OceanLotus? 🔗︎

OceanLotus, also known as APT32, is a Vietnam-based espionage actor group active since at least 2014. This APT group commonly targets Southeast Asian nations, Vietnamese dissidents, and the manufactoring sector through various phishing campaigns.

In this webinar, you will learn:

1. Case Study: Investigating Advanced APT Group “OceanLotus” 🔗︎

  • An investigative case study on the cyber espionage group “OceanLotus” and how reporters from German Publications BR24 and Zeit Online track OceanLotus activity across Europe
  • How a custom certificate and its associated IP addresses led to the infrastructure OceanLotus uses to deploy Windows-based malware
  • How similarities between campaigns—tactics, malware, and even infrastructure—can be a strong indicator that a particular IP Address is associated with a certain APT

2. Investigative Notion: Infrastructure Chaining 🔗︎

  • Starting from a malware data input and Identifying first-layer infrastructure pivots to form a hypothesis of the attacker infrastructure
  • Using infrastructure chaining technique to predict and prevent attacks before they happen

3. Advanced Techniques Leveraging RiskIQ PassiveTotal, OSINT, and Maltego 🔗︎

  • Using link analysis and data visualization in Maltego to effectively identify data clusters, patterns, and structures, and quickly surface malware associations
  • Automating the infrastructure chaining process with Maltego Machines and enrich infrastructure data with other integrations like Shodan , VirusTotal , and more

RiskIQ Maltego webinar screenshot

Download and watch the webinar now to learn how these tools make it easier and faster for cybersecurity analysts, law enforcement agencies, and threat intelligence teams to track down advanced cybercriminal activities and networks!

Download the resource
By clicking on "Access", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.
Pick the right product and get started.