ThreatCrowd Maltego Transform

Do you need more data at your fingertips? Do you love drawing pretty network graphs? If so, the ThreatCrowd.org Maltego transforms are for you.

You can install the Maltego transforms centrally from the seed URL:

Seed URL: https://cetas.paterva.com/TDS/runner/showseed/threatcrowdSeeeed

Alternatively you can install the "local transforms", though the installation is a little more involved: https://github.com/threatcrowd/ThreatCrowd-Maltego


This provides the following transforms, powered by ThreatCrowd.org:

- Enrich the names of malware detections to the MD5 hashes of malware samples
- Enrich domains and IPs to historical DNS resolutions and connecting malware
- Enrich MD5 hashes of malware to command and control domains and IP addresses
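A local Maltego transform like the ones listed above has two halves: a lookup against the enrichment service, and the conversion of that result into the XML Maltego reads from the transform's stdout. The block below is an added example of the second half, not code from the ThreatCrowd-Maltego repository. The result shape it consumes (`status`, `resolutions`, `hashes`) is a constructed stand-in for the service's response, not ThreatCrowd's real API schema; the Maltego entity types and the `MaltegoTransformResponseMessage` layout are the standard ones. It also shows how a transform should report a non-200 HTTP status (the 404 mentioned in the comments) as a `PartialError` UI message rather than emitting nothing.

```python
"""Build a Maltego transform response from an enrichment result.

Added example for a local transform: maps historical DNS resolutions and
related malware hashes for a queried IP or domain onto Maltego entities.
The input dictionary layout is a constructed assumption, not the real
ThreatCrowd API schema.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample enrichment result for one IP; not real ThreatCrowd data.
SAMPLE_RESULT = {
    "status": 200,
    "resolutions": [
        {"domain": "example-c2.test", "last_resolved": "2015-01-01"},
        {"domain": "cdn.example.test", "last_resolved": "2014-06-30"},
    ],
    "hashes": ["d41d8cd98f00b204e9800998ecf8427e"],
}


def build_response(result, queried):
    """Return the MaltegoMessage XML (as a string) for one enrichment result.

    A non-200 status yields no entities and a PartialError UIMessage, so the
    analyst sees why nothing came back instead of a silent empty result.
    """
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(resp, "Entities")
    ui = ET.SubElement(resp, "UIMessages")

    status = result.get("status", 200)
    if status != 200:
        msg = ET.SubElement(ui, "UIMessage", MessageType="PartialError")
        msg.text = "Enrichment of %s failed: server responded with HTTP %d, expected 200" % (
            queried, status)
        return ET.tostring(root, encoding="unicode")

    # Historical DNS resolutions become Domain entities, keeping the
    # last-resolved date as an additional field on each entity.
    for res in result.get("resolutions", []):
        ent = ET.SubElement(entities, "Entity", Type="maltego.Domain")
        ET.SubElement(ent, "Value").text = res["domain"]
        ET.SubElement(ent, "Weight").text = "100"
        fields = ET.SubElement(ent, "AdditionalFields")
        field = ET.SubElement(fields, "Field", Name="last_resolved",
                              DisplayName="Last resolved")
        field.text = res.get("last_resolved", "")

    # Connecting malware samples become Hash entities.
    for digest in result.get("hashes", []):
        ent = ET.SubElement(entities, "Entity", Type="maltego.Hash")
        ET.SubElement(ent, "Value").text = digest
        ET.SubElement(ent, "Weight").text = "100"

    info = ET.SubElement(ui, "UIMessage", MessageType="Inform")
    info.text = "Enriched %s: %d resolutions, %d hashes" % (
        queried, len(result.get("resolutions", [])), len(result.get("hashes", [])))
    return ET.tostring(root, encoding="unicode")


def count_entities(xml_text):
    """Number of <Entity> elements in a response, handy for checks."""
    return len(ET.fromstring(xml_text).findall(".//Entity"))


if __name__ == "__main__":
    # Maltego passes the selected entity's value as argv[1] and reads the XML
    # from stdout; here the lookup is replaced by the constructed sample.
    queried = sys.argv[1] if len(sys.argv) > 1 else "198.51.100.10"
    print(build_response(SAMPLE_RESULT, queried))
```

Run it as `python transform.py 198.51.100.10` to see the XML Maltego would receive; swapping `SAMPLE_RESULT` for a real lookup is the only change a working transform needs, and any non-200 status from that lookup is surfaced to the analyst through the `UIMessages` block rather than lost.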



Questions? Bugs?
Please contact @chrisdoman or threatcrowd@gmail.com or post an issue at https://github.com/threatcrowd/ThreatCrowd-Maltego

4 comments:

  1. I found that an error occurred today while using the ThreatCrowd API in Maltego.

    Please help me out, thanks

  2. Hi Chan,

    Good hearing from you. I've had an e-mail from a couple of other people too - are you receiving the error "HTTP error: Connection refused : connect" too?

    I'm currently looking into this and will update. Currently it looks like official Paterva may be getting the same error, so it may not be a ThreatCrowd issue.

    Are you finding other transforms are working for you?

    Many thanks,

    Chris

  3. Hi again Chan,

    I'm still looking into this - it looks like there is some kind of connectivity issue between the ThreatCrowd server and the Paterva server.

    In the meantime - the local transforms still work, which are available at - https://github.com/threatcrowd/ThreatCrowd-Maltego

  4. Getting this error for a few of the transforms:
    Transform 'ThreatCrowdEnrichIP' returned the following error(s):
    The server https://www.threatcrowd.org/searchApi/maltego/v1/api.php?key=7ee8385b12a48307b3fcc616391c3c12 responded with an HTTP 404 error, we wanted a 200!
