Intezer Analyze Transforms for Maltego

Intezer

We are happy to introduce the Intezer Analyze plugin for Maltego. It combines insights from our malware analysis platform with Maltego’s graphical tool (and you know we love graphs).

Maltego is a graphical intelligence tool built on open-source intelligence and forensic data. It enriches data by drawing connections between entities such as files, network infrastructure, accounts and more. The linking is done with ‘Transforms’: pieces of code that take an entity as input and return related information as output. For example, a transform might take a URL (input) and return the IP address it resolves to (output).

On Maltego’s Transform Hub you can find the plugins of many different intelligence and analysis vendors, now including Intezer!

Intezer Analyze Plugin

Intezer Analyze is a complete malware analysis tool. Gain immediate context about any malware-related artifact, including: verdict, malware family, related samples, TTPs, network IoCs and more.

The plugin can be found under the Transform Hub.

The following transforms are available in the plugin:

| Transform Name | Input Entity | Description |
|---|---|---|
| To Dropped File Hashes [Intezer] | maltego.Hash | Gets the files dropped by the input entity. |
| To Malware Family [Intezer] | maltego.Hash | Gets the file’s malware family name. |
| To Tags [Intezer] | maltego.Hash | Gets the file’s technical characteristics (tags). |
| To IoCs [Intezer] | maltego.Hash | Gets the file’s network IoCs. |
| To Related File Hashes [Intezer] | maltego.Hash | Gets files that share code with the input entity. |
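To make concrete what a transform such as "To Dropped File Hashes" does under the hood, here is an added example of a minimal local Maltego transform written for this post; it is not the Intezer plugin’s code. Maltego runs a local transform as a process, passes the selected entity’s value as the first argument, and reads a MaltegoMessage XML response from stdout listing the entities to add to the graph. The `SAMPLE_DB` lookup is constructed data standing in for the Intezer Analyze API (nothing here touches the network), and the `intezer.family` additional-field name is a hypothetical label, not a field the real plugin is known to emit. The example also validates the input before it would be forwarded to an API, so a malformed entity value produces a Maltego error message instead of an upstream request.

```python
"""Minimal local Maltego transform modelled on "To Dropped File Hashes".

Maltego calls a local transform as a process: argv[1] holds the selected
entity's value (here a file hash) and the transform answers on stdout with a
MaltegoMessage XML document listing the entities to add to the graph.
SAMPLE_DB is a constructed stand-in for the Intezer Analyze API; the real
plugin queries Intezer's service, this example never touches the network.
"""
import hashlib
import re
import sys
import xml.etree.ElementTree as ET

# Accept only MD5 / SHA-1 / SHA-256 hex digests as input entity values.
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")


def sample_hash(label: str) -> str:
    """Deterministic, obviously constructed SHA-256 value used as sample data."""
    return hashlib.sha256(f"constructed sample: {label}".encode()).hexdigest()


# Constructed data: parent hash -> list of (dropped file hash, malware family).
SAMPLE_DB = {
    sample_hash("dropper"): [
        (sample_hash("payload-1"), "Sofacy"),
        (sample_hash("payload-2"), "Sofacy"),
    ],
}


def build_response(entities, ui_message=None, message_type="Inform") -> str:
    """Serialise (type, value, {field: text}) tuples into a Maltego response."""
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    ents = ET.SubElement(resp, "Entities")
    for ent_type, value, fields in entities:
        ent = ET.SubElement(ents, "Entity", Type=ent_type)
        ET.SubElement(ent, "Value").text = value
        ET.SubElement(ent, "Weight").text = "100"
        if fields:
            extra = ET.SubElement(ent, "AdditionalFields")
            for name, text in fields.items():
                ET.SubElement(extra, "Field", Name=name, DisplayName=name).text = text
    if ui_message:
        # UIMessages surface in the Maltego client: Inform, PartialError, FatalError, Debug.
        msgs = ET.SubElement(resp, "UIMessages")
        ET.SubElement(msgs, "UIMessage", MessageType=message_type).text = ui_message
    return ET.tostring(root, encoding="unicode")


def dropped_files_transform(input_hash: str) -> str:
    """Input: a maltego.Hash value. Output: one maltego.Hash entity per dropped file."""
    if not HASH_RE.match(input_hash):
        # Refuse to forward malformed input to the (stand-in) API; report it in the client.
        return build_response([], "input is not an MD5/SHA-1/SHA-256 hex digest", "PartialError")
    rows = SAMPLE_DB.get(input_hash.lower(), [])
    entities = [
        # "intezer.family" is a hypothetical additional-field name for illustration.
        ("maltego.Hash", dropped, {"intezer.family": family})
        for dropped, family in rows
    ]
    note = None if rows else "no dropped files known for this hash"
    return build_response(entities, note)


def parse_entities(xml_text: str):
    """Helper for inspecting a response: returns [(type, value), ...]."""
    root = ET.fromstring(xml_text)
    return [(e.get("Type"), e.findtext("Value")) for e in root.iter("Entity")]


if __name__ == "__main__":
    # Maltego passes the entity value as the first argument.
    print(dropped_files_transform(sys.argv[1] if len(sys.argv) > 1 else ""))
```

Run it with a hash as the first argument to see the XML Maltego would consume; the same `build_response` shape serves the other transforms in the table (family names, tags, IoCs), only the entity types and fields differ.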

Take a look at the analysis of Sofacy in Intezer Analyze. You are given immediate malware classification, network IoCs, tags and dropped executables for the sample. This information is useful for researchers, IR, SOC and threat intelligence teams, and getting to the bottom line doesn’t require sifting through long, complicated sandbox reports.


The graph below shows the output after running all of Intezer’s transforms on this file.


Key components from Intezer Analyze’s GUI surfaced by the plugin include network IoCs, classification, tags, other files that share code, and the dropped executable.

All You Need is an API Key

Start using the plugin with your Intezer Analyze API key. To get an API key, sign up for free.

Next, register with Maltego and download their software.

If you do not have an API key, you will be able to run up to 15 transforms.

Go ahead and give the plugin a spin!

Intezer Analyze users can start by analyzing and classifying 50 files per month.
