You have been redirected from is the new home for all information regarding Maltego products. Read more about this in a message from the Paterva team and in this blog post and FAQ. close
home Transform Hub data categories - Breaches and Leaks

VirusTotal Premium API

By Maltego Technologies
Breaches and Leaks Cybersecurity CERT Cyber and Digital Forensics

VirusTotal Premium API Transforms for Maltego

VirusTotal provides a service to analyze files and URLs for viruses, worms, trojans, and other kinds of malicious content. It is one of the most renowned and best-rated data sources within the cybersecurity sphere, particularly when it comes to malware research.

Upon submitting a file or URL basic results are shared with the submitter, and also between the examining partners, who use results to improve their own systems. It inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. This core analysis is also the basis for several other features, including the VirusTotal Community: a network that allows users to comment on files and URLs and share notes with each other. VirusTotal can be useful in detecting malicious content and also in identifying false positives – normal and harmless items detected as malicious by one or more scanners.

Through collaboration between members of the antivirus industry, researchers, and end-users of all kinds; VirusTotal has built a database of over two billion analyzed files thus filling a gap for many companies which experience a lack of resources to collect their own malware samples and related indicators of compromise (IOCs).

The Premium API is a paid solution available for enterprise users. This is an extension of the Public API and can thus return more threat context, as well as expose advanced threat hunting, malware discovery endpoints, and functionality, such as the VirusTotal Intelligence Search queries. More information on the VirusTotal APIs can be found here.

The Private API has many advantages over the Public API such as a strict Service License Agreement (SLA) that guarantees availability and readiness of data, has more endpoints (similarity search, clustering, behavioral information, etc.) and returns richer information for the items looked up, exposes whitelisting, and trusted source information. allows you to choose a request rate and daily quota allowance that best suits your needs, and many more.


  • Expedite investigation and threat discovery and stop breaches by leveraging 15 years of malicious sightings to enrich and provide context around your organization’s observations and logs. 
  • Discover and analyze new threats and fashion new mitigations and defenses.
  • Further, enhance Malware investigations with VirusTotal with the use of other Hub Items available on the Maltego Transform Hub.

Typical Users of This Data

  • Threat Intelligence Teams
  • Incident Response Teams
  • Security Analysts
  • SOCs and CERTs
  • Red Teams and Penetration Testers
  • Trust and Safety Teams

Pricing & Access

Pricing Tier: Paid

Transform Hub Type: Commercial Hub

Requirements: For full solution access, Maltego One, Classic or XL license and VirusTotal Premium API subscription


Bring your own key: If you are already an existing customer of VirusTotal Premium API, simply download the VirusTotal Premium API Hub Item from the Transform Hub on the Maltego Client and enter your paid API key to start using VirusTotal data on Maltego.

If you are interested in a trial of VirusTotal data, check out the VirusTotal Public API.

For sales inquiries, kindly reach out to Maltego using the form below.


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About VirusTotal

VirusTotal was founded in 2004 as a free service that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content. Our goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers, and end-users of all kinds. Fortune 500 companies, governments, and leading security companies are all part of the VirusTotal community, which has grown to over 500,000 registered users. VirusTotal became part of Google in 2012.

For more information, visit :

Pick the right product and get started.