VirustotalDownloader
Virustotal_Downloader
Details
Author | Mario Henkel @hariomenkel
Version | 0.1
License | AGPL-V3
Requires Registration | Yes
Requires Subscription | Yes
Free Subscription Available | No
DataType Supported | thehive:case_artifact
Service Homepage |
Description
Download a file from Virustotal by its hash
Configuration
Name | Description
virustotal_apikey | Virustotal API key which should be used to download files
thehive_url | URL pointing to your TheHive installation, e.g. ‘http://127.0.0.1:9000’
thehive_apikey | TheHive API key which is used to add the downloaded file back to the alert/case
Additional details from the README file:
VirusTotalDownloader
This responder comes in only 1 flavor that lets you download a sample of malware from VirusTotal by submitting a hash.
Requirements
This responder needs a valid Premium API key from VirusTotal as the virustotal_apikey parameter in the configuration.
To add the sample to the Observables in TheHive, the responder also requires the URL of TheHive as the thehive_url parameter and a valid API key as the thehive_apikey parameter.