VirustotalDownloader

README

VirusTotalDownloader

This responder comes in only one flavor, which lets you download a malware sample from VirusTotal by submitting its hash.

Requirements

This responder needs a valid Premium API key from VirusTotal as the virustotal_apikey parameter in the configuration. To add the sample to Observables in TheHive, the responder also requires the URL of TheHive as the thehive_url parameter and a valid API key as the thehive_apikey parameter.

Virustotal_Downloader

Author: Mario Henkel @hariomenkel
License: AGPL-V3
Version: 0.1
Supported data types:
- thehive:case_artifact
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://virustotal.com

Description

Download a file from Virustotal by its hash

Configuration

| Configuration item | Description | Default value if not configured | Type of the configuration item | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| virustotal_apikey | Virustotal API key which should be used to download files | N/A | string | False | True |
| thehive_url | URL pointing to your TheHive installation, e.g. 'http://127.0.0.1:9000' | N/A | string | False | True |
| thehive_apikey | TheHive API key which is used to add the downloaded file back to the alert/case | N/A | string | False | True |
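
A pre-flight check for the three configuration items above, added here as an example and not taken from the responder's own code. The function names, the rule that plain HTTP is accepted only for loopback hosts, and the assumption that the submitted hash is an MD5, SHA-1 or SHA-256 hex digest are assumptions of this example; the key and hash values are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# The three items the page lists; all are required, single-valued strings.
REQUIRED_ITEMS = ("virustotal_apikey", "thehive_url", "thehive_apikey")
# Assumption: the hash is an MD5, SHA-1 or SHA-256 hex digest.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}


def classify_hash(value):
    """Return 'md5', 'sha1' or 'sha256' for a hex digest, else None."""
    value = value.strip()
    if not re.fullmatch(r"[0-9a-fA-F]+", value):
        return None
    return HASH_LENGTHS.get(len(value))


def preflight(config, observable):
    """Return a list of problems; an empty list means the run can proceed."""
    problems = []
    for item in REQUIRED_ITEMS:
        value = config.get(item)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{item}: required string is missing or empty")
    url = config.get("thehive_url")
    if isinstance(url, str) and url.strip():
        parts = urlsplit(url.strip())
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append("thehive_url: not an http(s) URL")
        elif parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
            problems.append("thehive_url: plain HTTP to a remote host exposes thehive_apikey")
    if classify_hash(observable) is None:
        problems.append("observable: not an MD5, SHA-1 or SHA-256 hex digest")
    return problems


# Constructed sample values, not real keys or a real sample hash.
SAMPLE_CONFIG = {
    "virustotal_apikey": "VT-PREMIUM-KEY-PLACEHOLDER",
    "thehive_url": "http://127.0.0.1:9000",
    "thehive_apikey": "THEHIVE-KEY-PLACEHOLDER",
}
SAMPLE_HASH = "ab" * 32  # 64 hex characters, SHA-256 shaped

if __name__ == "__main__":
    print(preflight(SAMPLE_CONFIG, SAMPLE_HASH))
```
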