Overview
Intezer Transforms for Maltego enable threat intelligence teams and malware investigators to automate end-to-end malware analysis investigations.
Intezer’s integration with Maltego adds a unique layer: the relationships between files that share the same code (“DNA”). Combining Intezer’s malware classification with Maltego’s visualization lets threat intelligence teams streamline their malware analysis process.
Intezer Analyze is an all-in-one malware analysis platform that helps incident response and SOC teams streamline the investigation of any malware-related incident. With the Intezer Transforms, malware investigators and threat analysts can quickly get answers about any suspicious file or endpoint, classify suspicious files and machines in seconds, accelerate response time, and consolidate multiple malware analysis tools into one.
Intezer uses both static analysis and dynamic sandbox execution for code extraction, together with other artifacts such as network Indicators of Compromise (IOCs), which are also available through Intezer’s Maltego integration.
With Intezer Transforms, investigators can optimize their malware analysis process by:
- Retrieving a malware classification based on malware family resolution.
- Uncovering related files based on code reuse.
- Extracting dynamic IOCs such as dropped executables and network behavior.
To read more about the integration benefits and how investigators can leverage Intezer data, visit the Intezer website.
Pricing and Access
Pricing Tier
- Free Trial (15 free Transform runs per month)
- Bring Your Own Key
- Requirements: for full solution access, Maltego One and an Intezer subscription are required
Access
- Free Trial - No API key required; install directly from the Data Hub in the Maltego Graph application. Free tier usage is restricted to 15 Transform runs per month.
- Bring Your Own Key - Plug in your Intezer Analyze API key to start using the Transforms. To get an Intezer Analyze API key, sign up for a free community account here: https://analyze.intezer.com/create-account
Intezer Analyze Transforms
To IOCs [Intezer]
Description
This Transform retrieves the file’s network IOCs.
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
APIkey | string | | True | False | False |
Transform Meta Info
Information | Value |
---|---|
Display Name | To IOCs [Intezer] |
Owner | Intezer |
Author | avigayil@intezer.com |
Data Source | Intezer |
Transform Name | IntezerGetIOC |
Input Entities | maltego.Hash |
Output Entities | Phrase |
Short Description | This Transform retrieves the file’s network IOCs. |
To Tags [Intezer]
Description
This Transform retrieves the file’s technical characteristics (tags).
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
APIkey | string | | True | False | False |
Transform Meta Info
Information | Value |
---|---|
Display Name | To Tags [Intezer] |
Owner | Intezer |
Author | avigayil@intezer.com |
Data Source | Intezer |
Transform Name | IntezerGetFileInfo |
Input Entities | maltego.Hash |
Output Entities | Phrase |
Short Description | This Transform retrieves the file’s technical characteristics (tags). |
To Malware Family [Intezer]
Description
This Transform retrieves the file’s malware family name.
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
APIkey | string | | True | False | False |
Transform Meta Info
Information | Value |
---|---|
Display Name | To Malware Family [Intezer] |
Owner | Intezer |
Author | avigayil@intezer.com |
Data Source | Intezer |
Transform Name | IntezerGetFamily |
Input Entities | maltego.Hash |
Output Entities | Phrase |
Short Description | This Transform retrieves the file’s malware family name. |
To Dropped File Hashes [Intezer]
Description
This Transform retrieves the files dropped by the input entity.
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
APIkey | string | | True | False | False |
Transform Meta Info
Information | Value |
---|---|
Display Name | To Dropped File Hashes [Intezer] |
Owner | Intezer |
Author | avigayil@intezer.com |
Data Source | Intezer |
Transform Name | IntezerGetDroppedFiles |
Input Entities | maltego.Hash |
Output Entities | Phrase |
Short Description | This Transform retrieves the files dropped by the input entity. |
To Related File Hashes [Intezer]
Description
This Transform retrieves files that share code with the input entity.
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
APIkey | string | | True | False | False |
Transform Meta Info
Information | Value |
---|---|
Display Name | To Related File Hashes [Intezer] |
Owner | Intezer |
Author | avigayil@intezer.com |
Data Source | Intezer |
Transform Name | IntezerGetRelatedFiles |
Input Entities | maltego.Hash |
Output Entities | Phrase |
Short Description | This Transform retrieves files that share code with the input entity. |