You can install the Maltego transforms centrally from the seed URL:
Seed URL: https://cetas.paterva.com/TDS/runner/showseed/threatcrowdSeeeed
Alternatively you can install the "local transforms", though the installation is a little more involved: https://github.com/threatcrowd/ThreatCrowd-Maltego
This provides the following transforms, powered by ThreatCrowd.org:
- Enrich the names of malware detections to the MD5 hashes of malware samples
- Enrich domains and IPs to historical DNS resolutions and connecting malware
- Enrich MD5 hashes of malware to command and control domains and IP addresses
Questions? Bugs?
Please contact @chrisdoman or threatcrowd@gmail.com or post an issue at https://github.com/threatcrowd/ThreatCrowd-Maltego
I found an error occurred today while using ThreatCrowd API in Maltego with the ThreatCrowd API.
Please help me out, thanks
Hi Chan,
Good hearing from you. I've had an e-mail from a couple of other people too - are you receiving the error "HTTP error: Connection refused : connect" too?
I'm currently looking into this and will update. Currently it looks like official Paterva may be getting the same error, so it may not be a ThreatCrowd issue.
Are you finding other transforms are working for you?
Many thanks,
Chris
Hi again Chan,
I'm still looking into this - it looks like there is some kind of connectivity issue between the ThreatCrowd server and the Paterva server.
In the meantime - the local transforms still work, which are available at - https://github.com/threatcrowd/ThreatCrowd-Maltego
Getting this error for a few of the transforms:
Transform 'ThreatCrowdEnrichIP' returned the following error(s):
The server https://www.threatcrowd.org/searchApi/maltego/v1/api.php?key=7ee8385b12a48307b3fcc616391c3c12 responded with an HTTP 404 error, we wanted a 200!