VirusTotal plugin for Maltego

Abstract

Maltego is an open-source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks. Being a general-purpose tool, this master’s thesis aims to its application to malware investigation. Maltego uses “transforms” to define relationships. With the goal of expanding the relationships offered by Maltego, we propose using the library “Maltego-TRX” to define transforms that include the relationships available in VirusTotal. VirusTotal is an online tool that inspects files, domains, and URLs with antivirus scanners and blacklisting services in addition to different tools for signal extraction. The information available at VirusTotal can be visualized using VirusTotal Graph, which is of great utility for malware analysis, however, it does not offer all of the features Maltego includes. In addition, we suggest the option of importing the graphs created in VirusTotal graph into Maltego in a transparent way for the user. With these improvements, the use of Maltego can be extended to malware analysis in a clearer way, given that VirusTotal data will be included in Maltego with the specific interpretation malware analysis requires.