VirusTotalDownloader#
This responder comes in a single flavor, which lets you download a malware sample from VirusTotal by submitting its hash.
Requirements#
This responder needs a valid Premium API key from VirusTotal, supplied as the virustotal_apikey parameter in the configuration.
To add the sample to the Observables in TheHive, the responder also requires the URL of TheHive as the thehive_url parameter and a valid API key as the thehive_apikey parameter.
Virustotal_Downloader#
Author: Mario Henkel @hariomenkel
License: AGPL-V3
Version: 0.1
Supported data types:
- thehive:case_artifact
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://virustotal.com
Description#
Download a file from VirusTotal by its hash.
Configuration#
| Configuration item | Description | Default value if not configured | Type of the configuration item | The configuration item can contain multiple values | Is required |
|---|---|---|---|---|---|
| virustotal_apikey | Virustotal API key which should be used to download files | N/A | string | False | True |
| thehive_url | URL pointing to your TheHive installation, e.g. 'http://127.0.0.1:9000' | N/A | string | False | True |
| thehive_apikey | TheHive API key which is used to add the downloaded file back to the alert/case | N/A | string | False | True |