Entities used in Transforms

Maltego Entities

The integration uses default Maltego Entities and Malformity Labs Entities to represent observables, for compatibility with other transform sets. Recorded Future also defines several entity types that are not common Maltego or Malformity Labs entities.

These Entities are supported:

Maltego Entities

  • Alias
  • AS Number
  • Company
  • Domain
  • Email Address
  • Hash
  • IPv4 Address
  • NSRecord
  • MXRecord
  • Organization
  • Phrase
  • URL

 

Malformity Labs Entities

  • Filename
  • Mutex
  • Registry Entry – returned values are registry keys

 

Recorded Future Entities

  • Analyst Note – Research notes written by Recorded Future’s Insikt Group
  • Attack Vector – Cyber attack vector (e.g., cross site scripting, DDOS, Phishing)
  • Malware – Common malware street names (e.g., Locky, Wcry, Mirai)
  • Malware Category – Common categories of malware (e.g., Ransomware, Adware, Trojan)
  • Malware Signature – detection signature names, usually anti-virus
  • Operation – hacktivist operations and APT campaigns
  • Recorded Future Doc – a web document analyzed by Recorded Future
  • Vulnerability – NIST CVE numbers and vendor-specific advisory numbers

 

More information about Recorded Future Transforms for Maltego are available on this support page.

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section