We’re happy to announce the addition of a new integration with OpenCorporates to the Maltego Transform Hub. With the availability of OpenCorporates’ vast cache of data on companies from around the globe, we hope to add another valuable asset to the toolbox of investigators in areas like Journalism, Know Your Customer (KYC), Anti-Money Laundering (AML), Corporate Investigations, Trust and Safety or Fraud Prevention.
The integration is free to use in all Maltego editions, but for the time being requires users to first obtain their own OpenCorporates API key. This first release covers the basics of the OpenCorporates API, namely information on companies and their officers. In later releases, we plan to also integrate advanced features like corporate groupings, statements and provenance information.
Getting Started with OpenCorporates Transforms in Maltego
Start by installing the OpenCorporates Hub item and entering a valid OpenCorporates API key.
Typically, an investigation into a company simply starts with a name. Drag the Company Entity onto your graph from the Entity Palette and double-click its value to enter the name of the company you want to investigate. Alternatively, you could also use any Company or Organization Entity that is already on one of your graphs, for example, one resulting from a WHOIS query or network footprint.
Searching for Companies in OpenCorporates
To actually look up the company in OpenCorporates, call the Search Companies [OpenCorporates] Transform.
You may specify additional search filters using the Transform Settings popup, but, except for the API key field, all of these are optional and can simply be left blank. For details on what these filters mean and how to use them, please see the OpenCorporates API documentation.
After running this Transform, you will usually receive several OpenCorporates Company Entities returned to the graph which match your query. If many companies matched your query, these may be returned as a collection node, such as in the example below. In this case, a relevant candidate was selected from the results and pinned in order to remove it from the collection node.
Digging Deeper: Address Information and Reverse Address Search
To fetch the address of the company and return it as a Location Entity, run the To Address [OpenCorporates] Transform.
You may notice that after running this Transform on the OpenCorporates Company Entity, a blue dot is added to it. This indicates that another API call to OpenCorporates was made to fetch all available details about the company, and that these full details are now populated on the Entity’s properties. This happens automatically, and generally only once per Entity: once the properties are populated, the Transform server will not repeat this API request for that particular Entity next time, in order to use less of your OpenCorporates API request quota. However, note that the server does not cache this information – if you run the same sequence of Transforms on a new graph, the same number of API calls may be made.
The resulting Location Entity will often only display a city and/or country in its value. By inspecting the properties, it is possible to see that in this case, a street level address was in fact returned (in which the city was not fully parsed by OpenCorporates).
Given this street-level address, it is possible to now run a reverse address search to see what other companies are registered at the same location. For this, use the Search Companies at this Address [OpenCorporates] Transform on the Location Entity.
In the example case, quite a few more Wirecard legal entities are found to be registered at the same address, which is expected given that the starting point of this investigation was Wirecard’s main “headquarters” legal entity.
Finding and Mapping Officers of Companies
Some of the returned results do not share any obvious affiliation with Wirecard based on their name alone. To pick an example, one of these companies is “PAYShield Services GmbH”. It’s possible to investigate further connections between this company and “Wirecard AG” by inspecting the registered officers of each respective company. Switching back to block layout, running the To Officers [OpenCorporates] Transform on both companies yields the following result:
There are a few duplicated names here; however, none of the Entities were automatically merged. Unfortunately, this behavior in Maltego follows from a built-in limitation of the way data is represented in OpenCorporates. Each officer of a company has a different OpenCorporates ID, and no disambiguation is made to determine whether an officer is the same person as an officer in another company, so they are assumed to be different people in every case, to be safe.
While this is a slightly inconvenient limitation, it is relatively easy to get around by manually merging OpenCorporates Officer Entities that can, with reasonable certainty, be assumed to be the same person. This results in the following graph:
Finding Other (Possibly) Connected Companies to an Officer
Finally, we want to present a practical workflow that results from the limitation described above. Since officers are not merged in OpenCorporates, a bit of extra work is required to more fully map the network of companies a given person may be involved in. The basic sequence of steps to follow is:
- Start with the Person or OpenCorporates Officer of interest
- Run the Search Officers [OpenCorporates] Transform
- For all relevant results, run the To Company [OpenCorporates] Transform
- Merge the previously returned OpenCorporates Officer Entities to clean up the graph again
Continuing the above example, this process looks as follows. First, a search for officers is run:
Next, each result is pivoted to the associated company:
Finally, after the companies are returned, the duplicate officers are merged:
This results in the structure we set out to visualize.
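The merge decision in this workflow can be pre-screened outside Maltego before Entities are combined on the graph. The following is an added example, not Maltego or OpenCorporates code: it groups officer records by a normalized name and refuses to merge records whose dates of birth conflict. The record fields (`id`, `name`, `company`, `date_of_birth`) and all sample values are constructed assumptions for illustration.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed sample records, not real OpenCorporates output.
# Field names are assumptions for this example.
OFFICERS = [
    {"id": 1001, "name": "Dr. Jane A. Example", "company": "Example Holding AG", "date_of_birth": "1970-03"},
    {"id": 1002, "name": "EXAMPLE, JANE A.", "company": "Example Payments GmbH", "date_of_birth": "1970-03"},
    {"id": 1003, "name": "Jane A Example", "company": "Unrelated Bakery Ltd", "date_of_birth": "1985-11"},
    {"id": 1004, "name": "Jörg Müster", "company": "Example Payments GmbH", "date_of_birth": None},
    {"id": 1005, "name": "Jorg Muster", "company": "Example Shield Services GmbH", "date_of_birth": None},
]
TITLES = {"dr", "prof", "mr", "mrs", "ms"}


def name_key(name):
    """Order-, case-, accent- and title-insensitive key for a person name."""
    if "," in name:  # registry style "SURNAME, GIVEN"
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    tokens = re.findall(r"[a-z]+", folded.lower())
    return tuple(sorted(t for t in tokens if t not in TITLES))


def merge_candidates(officers):
    """Cluster officer records that may be one person; never merge across conflicting DOBs."""
    by_name = defaultdict(list)
    for o in officers:
        by_name[name_key(o["name"])].append(o)
    clusters = []
    for group in by_name.values():
        dobs = {o["date_of_birth"] for o in group if o["date_of_birth"]}
        if len(dobs) <= 1:
            full = dobs and all(o["date_of_birth"] for o in group)
            parts = [("name+dob" if full else "name-only", group)]
        else:  # same name, different people: split, leave undated records alone
            parts = [("name+dob", [o for o in group if o["date_of_birth"] == d]) for d in sorted(dobs)]
            parts += [("unresolved", [o]) for o in group if not o["date_of_birth"]]
        for basis, members in parts:
            clusters.append({
                "ids": sorted(o["id"] for o in members),
                "companies": sorted({o["company"] for o in members}),
                "basis": basis,
            })
    return clusters
```

Clusters with basis `name-only` rest on the name match alone and are candidates for manual review rather than automatic merging.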
Start Your Own OpenCorporates Investigation in Maltego!
We hope you enjoyed this brief walkthrough of using OpenCorporates in Maltego and that you find these new Transforms to be a useful addition to your OSINT toolbox. We’re excited to see what investigations you’ll find these helpful for!
Use Case: Investigating Paul le Roux Affiliated Companies with OpenCorporates
In this video, security expert Andrew Fordred demonstrated how investigators can use Maltego and OpenCorporates to conduct real-life company and person-of-interest investigations. Check out his video to learn more about practical implementations of this integration!