You have been redirected from is the new home for all information regarding Maltego products. Read more about this in a message from the Paterva team and in this blog post and FAQ. close
home Transform Hub data categories - Infrastructure & Network Information

VirusTotal Premium API

By Maltego Technologies
Leverage 15 years of malicious sightings to enrich your organization’s malware observations and logs.
VirusTotal Premium API integration for Maltego
Infrastructure & Network Information Malware Cybercrime Incident Response

VirusTotal Premium API Transforms for Maltego 

VirusTotal provides a service to analyze files and URLs for viruses, worms, trojans, and other kinds of malicious content. It is one of the most renowned and best-rated data sources within the cybersecurity sphere, particularly when it comes to malware research. 
Upon submitting a file or URL, basic results are shared with the submitter and between the examining partners who use results to improve their own systems. It inspects items with over 70 antivirus scanners and URL/domain blacklisting services in addition to a myriad of tools to extract signals from the studied content. This core analysis is also the basis for several other features, including the VirusTotal Community: A network that allows users to comment on files and URLs and share notes with each other. VirusTotal can be useful in detecting malicious content and also in identifying false positives—Normal and harmless items detected as malicious by one or more scanners. 
Through collaboration between members of the antivirus industry, researchers, and end-users of all kinds, VirusTotal has built a database of over two billion analyzed files thus filling a gap for many companies which experience a lack of resources to collect their own malware samples and related indicators of compromise (IOCs). 

The Premium API is a paid solution available for enterprise users. This is an extension of the VirusTotal Public API and can thus return more threat context, as well as expose advanced threat hunting, malware discovery endpoints, and functionality, such as the VirusTotal Intelligence Search queries. More information on the VirusTotal APIs can be found here . 

The Premium API has many advantages over the Public API such as: 

  • A strict Service License Agreement (SLA) that guarantees availability and readiness of data 
  • Has more endpoints (similarity search, clustering, behavioral information, etc.), and returns richer information for the items looked up, exposes whitelisting, and trusted source information 
  • Allows you to choose a request rate and daily quota allowance that best suits your needs 

VirusTotal Premium API use case in Maltego

  • Threat Intelligence Teams
  • Incident Response Teams
  • Cyber and Digital Forensics Teams
  • Security Analysts
  • SOCs and CERTs
  • Red Teams and Penetration Testers
  • Trust and Safety Teams

Integration Benefits

Leverage VirusTotal Private API Data for

Incident Response
SOC analysts are often confronted with hashes, domains, IPs, and URLs for which they know nothing. VirusTotal Transforms for Maltego allows them to instantly enrich and connect them to other global sightings, gaining immediate understanding about the threat campaign and the incident’s cyber kill chain. By visually pivoting and exploring VirusTotal’s interconnections, security teams can effortlessly surface hunting and remediate IoCs to feed their network perimeter defenses and neutralize the attack and its variants.
Threat Intelligence
Security analysts can explore campaigns and track threat actors before they hit their organizations, building a proactive understanding of adversary TTPs and preventatively blocking IoCs. Most importantly, the integration allows them to easily unearth malicious artifacts yet unknown to the security industry, improving their organization’s overall security posture.
Phishing Neutralization
Thousands of users world-wide connect their SOARs, honeypots, and spam traps to VirusTotal, acting as one of the largest networks of sensors reporting on phishing attacks real-time. Anti-fraud and cybercrime investigators can use the VirusTotal Maltego Transforms to map out phishing campaigns and identify the shortest route to mitigation, pivoting over Whois lookups, typo squatting URLs, passive DNS records and other commonalities to identify pre-operational infrastructure, taking it down before it impacts customers.
Corporate Infrastructure Breach and Abuse Mitigation
VirusTotal’s daily scanning activity acts as a massive passive fingerprinting framework. Some of these observations might be tied to your Internet-exposed infrastructure. By exploring this attack surface visually and contextualizing it with VirusTotal, you can power early identification of breaches and abuse.

Pricing & Access

Community Hub
Available only with a Maltego commercial license.
Commercial Hub
Users with Maltego One have the following access or purchase options:
Bring Your Own Key (Purchase Separately)

For full solution access, plug in your existing API key or reach out to us using the form below for purchase inquiry.

To purchase VirusTotal Premium API subscription, contact:

If you are interested in a trial of VirusTotal data, check out the VirusTotal Public API.


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About VirusTotal Premium API

VirusTotal was founded in 2004 as a free service that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content. Our goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers, and end-users of all kinds. Fortune 500 companies, governments, and leading security companies are all part of the VirusTotal community, which has grown to over 500,000 registered users. VirusTotal became part of Google in 2012.

For more information, visit