Special thanks to Bob McArdle (@bobmcardle) for writing all the transforms!
Maltego has long been a favoured tool of threat intelligence analysts and researchers for searching, linking and pivoting on data - and we wanted to open up ThreatMiner's data in the same way. Installing the ThreatMiner transforms could not be easier: you can simply install them directly from the Maltego Transform Hub.
Just in case, here's the transform seed: http://cetas.paterva.com/TDS/runner/showseed/ThreatMiner
Rather than providing detailed descriptions of every transform, we've included a full list below of the ones we have added - all of which should be very self-explanatory to existing users of ThreatMiner. Also, in the Detail View for each transform result you will find a link to the same data viewable via your browser on the ThreatMiner site:
The transforms are all designed to make the ThreatMiner data as easy to pivot through as possible, but we also wanted them to integrate seamlessly with other popular free and paid transforms you may be using. With that in mind, a short note on the entities used.
We have made a point of including no dedicated custom entities in here, instead reusing entities others have created (with their permission), so you can easily move from ThreatMiner data to others seamlessly. There is no need to install anything for these.
A big thanks to Steven, Keith, Brandon and Steve for permission to use those.
At this point in things related to Maltego you would now watch a very impressive and stylish video showing all the transforms at work. Sadly we don't have a fraction of the skill of Roelof, so here is a screenshot and an example use case instead :)
Use case:
As normal, while care was taken not to have bugs in our code and the transforms were heavily tested ... there almost certainly are bugs we have not found (it's code after all). For any bugs found, or feature requests, please email us at threatminermaltegotransforms [at] gmail.com.