ThreatCrowd Maltego Transform

Do you need more data at your fingertips? Do you love drawing pretty network graphs? If so, the Maltego transforms are for you.

You can install the Maltego transforms centrally from the Seed URL:

Seed URL:

Alternatively you can install the "local transforms", though the installation is a little more involved:

This provides the following transforms, powered by

- Enrich the names of malware detections to the MD5 hashes of malware samples

- Enrich domains and IPs to historical DNS resolutions and connecting malware

- Enrich MD5 hashes of malware to command and control domains and IP addresses

Questions? Bugs?
Please contact @chrisdoman or or post an issue at


  1. I found that an error occurred today while using the ThreatCrowd API in Maltego with the ThreatCrowd API.

    Please help me out, thanks

  2. Hi Chan,

    Good hearing from you. I've had an e-mail from a couple of other people too - are you receiving the error "HTTP error: Connection refused : connect" too?

    I'm currently looking into this and will update. Currently it looks like official Paterva may be getting the same error, so it may not be a ThreatCrowd issue.

    Are you finding other transforms are working for you?

    Many thanks,


  3. Hi again Chan,

    I'm still looking into this - it looks like there is some kind of connectivity issue between the ThreatCrowd server and the Paterva server.

    In the meantime - the local transforms still work, which are available at -

  4. Getting this error for a few of the transforms:
    Transform 'ThreatCrowdEnrichIP' returned the following error(s):
    The server responded with an HTTP 404 error, we wanted a 200!