You have been redirected from paterva.com. Maltego.com is the new home for all information regarding Maltego products. Read more about this in a message from the Paterva team and in this blog post and FAQ. close
home Transform Hub

VirusTotal Public API

By Maltego Technologies
Leverage 15 years of malicious sightings to enrich your organization’s malware observations and logs.
VirusTotal Public API integration for Maltego

Solution Brief

Download Now

Webinar

Watch Now

Technical Documentation

Read More

VirusTotal Public API Transforms for Maltego 

VirusTotal is a service that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content. 

It provides as a free service a public API that allows for automation of some of its online features such as upload and scan files, submit and scan URLs, access finished scan reports, and make automatic comments on URLs and samples.  

With the VirusTotal Transforms for Maltego, investigators can query the VirusTotal Public API for information about IP Addresses, Hashes, Domains, and URLs directly within Maltego. There is also a paid version of VirusTotal that allows customers to examine any file uploaded to the service. 

Kindly note that some restrictions apply for requests made through the public API, such as requiring an individual API key freely obtained by signing up online, low priority scan queue, and limited number of requests. 

VirusTotal Public API use case in Maltego

Typical Users of VirusTotal Public API Data

  • Threat Intelligence Teams
  • Incident Response Teams
  • Cyber and Digital Forensics Teams
  • Security Analysts
  • SOCs and CERTs
  • Red Teams and Penetration Testers
  • Trust and Safety Teams

Integration Benefits

Leverage VirusTotal Public API Data for

Incident Response
SOC analysts are often confronted with hashes, domains, IPs, and URLs which they know nothing about. VirusTotal Transforms for Maltego allows them to instantly enrich and connect them to other global sightings, gaining immediate understanding about the threat campaign and the incident’s cyber kill chain. By visually pivoting and exploring VirusTotal’s interconnections, security teams can effortlessly surface hunting and remediate IoCs to feed their network perimeter defenses and neutralize the attack and its variants.
Threat Intelligence
Security analysts can explore campaigns and track threat actors before they hit their organizations, building a proactive understanding of adversary TTPs and preventatively blocking IoCs. Most importantly, the integration allows them to easily unearth malicious artifacts yet unknown to the security industry, improving their organization’s overall security posture.
Phishing Neutralization
Thousands of users world-wide connect their SOARs, honeypots, and spam traps to VirusTotal, acting as one of the largest networks of sensors reporting on phishing attacks real-time. Anti-fraud and cybercrime investigators can use the VirusTotal Maltego Transforms to map out phishing campaigns and identify the shortest route to mitigation, pivoting over Whois lookups, typo squatting URLs, passive DNS records and other commonalities to identify pre-operational infrastructure, taking it down before it impacts customers.
Corporate Infrastructure Breach and Abuse Mitigation
VirusTotal’s daily scanning activity acts as a massive passive fingerprinting framework. Some of these observations might be tied to your Internet-exposed infrastructure. By exploring this attack surface visually and contextualizing it with VirusTotal, you can power early identification of breaches and abuse.

Pricing & Access

Community Hub
Available for users with Maltego CE.
Free (API Key Required)

Register here for your free VirusTotal Public API key and install the Hub item directly on your Maltego Desktop Client to get started.

Note: Transform runs are subjected to rate-limiting by VirusTotal. Please refer to this page for details on rate-limiting.

Commercial Hub
Users with Maltego One have the following access or purchase options:
Free (API Key Required)

Register here for your free VirusTotal Public API key and install the Hub item directly on your Maltego Desktop Client to get started.

Note: Transform runs are subjected to rate-limiting by VirusTotal. Please refer to this page for details on rate-limiting.

Resources

Articles
Enhance Malware Investigations with Maltego and VirusTotal
Articles
Rapid Analysis for Incident Response with VirusTotal and Maltego
Articles
Using Maltego to Identify C2 Malware and Phishing Threats Targeting Your Organization
Articles
Investigate TA505 Threat Actor Group Using Maltego
Articles
Tracking Typosquatting and Brand Monitoring with Maltego
Webinars
Webinar | Visual Investigations: Speed Up Incident Response, Forensics Analysis, and Hunting!
Webinars
Webinar | Understanding the Weakest Links: Supply Chain Attacks Intelligence Insight
Briefs
VirusTotal Solution in Maltego
Videos
How to Investigate Phishing Campaigns Using Maltego in 5 Minutes
Videos
How to Conduct Network Footprinting Using Maltego in 5 Minutes
Technical Docs
Maltego Documentation Of VirusTotal Premium and Public API Transforms

Close

Contact


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About VirusTotal

VirusTotal was founded in 2004 as a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. Virus Total’s goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers and end users of all kinds. Fortune 500 companies, governments and leading security companies are all part of the VirusTotal community, which has grown to over 500,000 registered users. VirusTotal became part of Google in 2012.

For more information, visit: https://www.virustotal.com/gui/.