Register for our next deep dive! Who is Behind Portal Kombat? Exposing the Pravda Disinformation Machine with OSINT on Thursday, June 27, 2024, at 16:00 CET. Grab your spot now! close

Intel 471

By Intel 471 Inc.
Get Adversary, Malware, and Vulnerability Intelligence to support security operation teams.
# Deep and Dark Web # Malware # Counter-terrorism # Cybercrime
Intel 471 integration for Maltego

Intel 471 Transforms for Maltego

Integrating Intel 471 intelligence with Maltego enables proactive security teams with the following industry-leading intelligence:

Adversary Intelligence

  • Collections from the Deep and Dark Web (Intel 471 Pro Only)
  • Tactical, Operational, and Strategic Adversary Reporting

Malware Intelligence

  • Malware reports covering the adversary, detection and infrastructure components of the malware family
  • Technical Intelligence

Vulnerability Intelligence

  • Trending vulnerabilities within the threat actor ecosystem

Maltego’s ability to provide graphical link analyses allows for security teams to visualize threat profiles to support threat intelligence, threat hunting, patch management, Security Operations Centers, and Incident Response teams.

Intel 471 data in Maltego

Typical Users of Intel 471 Data

  • Threat Intelligence Teams
  • Security Analysts
  • SOCs and CERTs
  • Fraud Analysts
  • Law Enforcement
  • Vulnerability and Patch Management
  • Incident Response / Threat Hunting

Integration Benefits

Cybercriminal Underground Insights

The Intel 471 Deep and Dark Web Collections data will enable you to gain an insight into the anatomy of the cybercriminal underground, broken down into three distinct areas:

  • Products: Specific malware that is developed and sold to facilitate criminal activity
  • Goods: Sensitive data exfiltrated from businesses across the globe
  • Services: Bulletproof hosting services, enabling underground criminal activity to continue at an unprecedented rate

Additionally, the data provides you an opportunity to identify indicators and warnings such as the development of attack vectors and intended targets.

Adversary Intelligence

  • Time-sensitive insight and operational knowledge of the tactics, techniques, and methodologies of cybercriminals
  • Local human intelligence reporting from globally dispersed intelligence operators and native speakers who engage with top-tier cybercriminals on an ongoing basis
  • Automated aggregation of relevant cybercriminal activity

Malware Intelligence

  • Actively track weaponized and productionized threats that could cause security breaches, revenue loss, and customer harm.
  • Gain real-time monitoring of malware activity and command and control infrastructures that’s paired with targeted human analysis.
  • Tap Intel 471’s stream of technical indicators, campaign reporting and deep technical insights on top malware families to harden your defenses against the latest threats.

Vulnerability Intelligence

  • A lifecycle view of vulnerabilities, including weaponized and productionized threats
  • Ongoing monitoring and reporting of key vulnerabilities, prioritized by risk and impact
  • Understand how threats are changing, prioritize patches, and reduce your risks over time

Leverage Intel 471 Data for

Threat Actor Interest Levels

With the breadth of threat actor information, Intel 471 transform users can also identify relevant posts and messages based on keyword searches across a variety of illicit forums, marketplaces, and messaging services. You will be able to identify any posts of interest based on the example keyword and assess the rate of frequency/interest in topics matching your keyword.

Emerging Threat Actor Tools & Techniques

With Intel 471’s large repository of malware families, you will be able to identify state-changes or updates to malware families and development of new families. In addition, with actors advertising their tools and techniques, you will be able to identify new emerging threat vectors targeting different industries and/or regions.

Threat Actor Modeling

Ability to build out threat actor profiles based on illicit actor’s engagements on different illicit forums, messaging services, and marketplaces. Additionally, Intel 471 transform users will be able to understand the growth of capability of threat actors by viewing their original activity to current state and which actors they have cooperated and partnered with to expand their capability.
Read more

Pricing & Access

Community Hub
Available only with a Maltego commercial license.
Commercial Hub
Users with Maltego One have the following access or purchase options:
Data Subscriptions
Simply purchase our flexible data subscriptions on our webshop.
Bring Your Own Key (Purchase Separately)
For full solution access, plug in your existing API key or reach out to us using the form below for purchase inquiry.



Enrich Threat Intelligence and Criminal Investigations with Intel 471 Transforms and Data Subscriptions


Chasing DarkSide Affiliates: Identifying Threat Actors Connected to Darkside Ransomware Using Maltego & Intel 471


Automate Investigations with Maltego Machines – Part 2: Our New Cybersec & SOCMINT Machines


Investigator Toolkit August 2022: Cheat Sheets for Faster and Spot-on Workflows


Webinar | Know Your Adversary: Enrich Your Investigations with Cybercrime Intelligence


Webinar | Brand Protection in Healthcare in Times of COVID-19: Examining Fake Vaccine Passports & Criminal Supply Chain


Intel 471 Data Integration in Maltego


Maltego Terms and Conditions for Data Integration


Intel 471 Terms of Service

Data subscriptions for Maltego

Simplified Data Access for Maltego Customers

For Internal Security
For Internal Security
Buy online
For Service Providers
For Service Providers
Buy online

1. Who is Intel 471?

Intel 471 provides in-depth and globally relevant coverage and tracking of sophisticated, financially motivated cybercriminals, hacktivists and other threats targeting organizations, their customers, employees, and suppliers. The Intel 471 Transforms in Maltego supports cyber security teams, law enforcement agencies, Trust & Safety investigators, and researchers in querying and mapping deep and dark web data and threat intelligence in a visualized graph.

2. What can I do with Intel 471 data?

The Intel 471 Transforms enable investigators to visualize threat profiles and map the relationships between digital evidence of cyber-criminal activities. This enables investigators to gain time-sensitive insights and operational knowledge of the tactics, techniques, and methodologies of cybercriminals, all compiled from and aggregated by globally dispersed operations and native speakers actively engaging with top-tier cybercriminals.

3. Can I use it with the Community Edition of Maltego?

No, a commercial edition (Maltego One, Classic or XL) is required to use Intel 471 data within Maltego.

4. How can I access or purchase Intel 471 data to use in Maltego?

If you already have an Intel 471 API key, simply install the Intel 471 Hub item to use this data. If you do not have an Intel 471 API key and are interested in using this data, you can purchase Intel 471 data subscriptions in our webshop. If you are interested in full access to the Intel 471 data integration, please reach out to us using the form below.

5. What is a Transform Run?

Whenever a user runs a Transform on an input Entity, it is counted as a Transform Run. A Transform Run is counted irrespective of the number of results it yields. If a user runs a single Transform on five input Entities, five Transform Runs are counted against a data subscription’s Transform Run quota. Transform runs purchased within a data subscription quota cannot be transferred to other data integrations or future subscription periods.

6. Are there any other requirements to get Intel 471 data access?

For Intel 471 data access, you will need:

  • A valid commercial Maltego license edition (Maltego One, Classic or XL)
  • An Intel 471 API key or a Maltego Intel 471 data subscription

In order to use Maltego data subscriptions, you must first agree to the following terms and conditions:

Furthermore, each data subscription purchase is subject to a Know Your Customer (KYC) vetting process according to the respective terms of use for the data in question. Due to the often-sensitive nature of data, access is generally reserved for vetted organizations with legitimate use cases commonly associated with organizations. Thus, after placing an order request in the web-shop or via our sales team, customers need to undergo a KYC vetting process before the purchase can be completed and they can make use of the data subscription.

7. Who can purchase the Intel 471 data subscriptions for “Internal Security” teams?

The Intel 471 Internal Security data subscriptions are designed for professionals and teams who use the data to protect their own internal systems and organizations.

8. Who can purchase the Intel 471 data subscriptions for “Service Providers?”

The Intel 471 Service Provider data subscriptions are for professionals and teams who use the data to provide security services to their customer base.


Reach out to us to learn more about this data integration and how to access it.
By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About Intel 471

Intel 471’s Cybercrime Intelligence provides in-depth coverage and tracking of sophisticated, financially motivated cybercriminals, hacktivists, and other threats from across the globe that target organizations, their customers, employees, and suppliers. Intel 471 provides the intelligence to arm organizations with deep, actionable insights into these threat actors, their motivations, tools/malware, techniques, and alliances – and, ultimately, provides the information and context required to understand and stay ahead of the threat.

For more information, visit