Overview
With Cofense Transforms for Maltego, investigators can search and visualize relationships between observables within a specific attack and explicitly pinpoint how attackers are delivering their malicious payloads.
By combining multiple sources of data, analysts can visualize attacks and uncover other threats that may be using similar phishing infrastructure and campaigns.
Benefits
- Correlate the attacker’s campaigns and their payloads by visually graphing and linking phishing threat
- Visualize IOC enrichment and the relationships between observables within a specific attack and between other attacks
To read more click here.
Cofense Intelligence Machines
PhishMe Intelligence Threat Feed
Pools PhishMe threat feed for new active threat reports
| Information | Value |
|---|---|
| Id | phishMe.PhishMeIntelligenceThreatFeed |
| Author | PhishMe Intelligence |
Cofense Intelligence Transforms
[Cofense Intel] Threat to URL
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to URL |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToUrl |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] URL to Threat
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] URL to Threat |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareUrlToThreat |
| Input Entities | maltego.URL |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to Domain
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to Domain |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToDomain |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to IP
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to IP |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToIp |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to Md5
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to Md5 |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToMd5 |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to Malware Family
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to Malware Family |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToMalwareFamily |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] IP to Threat
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] IP to Threat |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareIpToThreat |
| Input Entities | maltego.IPv4Address |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Domain to Threat
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Domain to Threat |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareDomainToThreat |
| Input Entities | maltego.Domain |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Malware Family to Threat
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Malware Family to Threat |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareMalwareFamilyToThreat |
| Input Entities | phishme.MalwareFamily |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to Email Subject
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to Email Subject |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToEmailSubject |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to Sender IP
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to Sender IP |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToSenderip |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to Sender Domain
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to Sender Domain |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToSenderDomain |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to Sender Email
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to Sender Email |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToSenderNames |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Md5 to Threat
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Md5 to Threat |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareMd5toThreat |
| Input Entities | maltego.Hash |
| Output Entities | Phrase |
| Short Description |
[Cofense Intel] Threat to Email
Transform Settings
| Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|
| Cofense, Inc. Application License Agreement at https://cofense.com/legal/integration-applications | string | To accept Type Yes | false | true | false |
| PhishMe Password | string | DefaultValue | false | false | false |
| PhishMe UserName | string | DefaultValue | false | false | false |
Transform Meta Info
| Information | Value |
|---|---|
| Display Name | [Cofense Intel] Threat to Email |
| Owner | PhishMe Intel |
| Author | solutions.engineering.intelligence.lab@phishme.com |
| Data Source | Cofense Intel |
| Transform Name | awsMalwareThreatToEmail |
| Input Entities | phishme.ThreatId |
| Output Entities | Phrase |
| Short Description |