Overview
The VirusTotal DXL service exposes access to the VirusTotal API via the Data Exchange Layer (DXL) fabric.
Documentation
See the Wiki for an overview of the VirusTotal API DXL Python service and usage examples.
See the VirusTotal API DXL Python service documentation for installation instructions, API documentation, and usage examples.
Icon by Neurovit licensed under Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0).
Version 0.2.0 (1.2k downloads)
VirusTotal API DXL Python Service 0.2.0 Release
- Updated to support both Python 2 and 3
Version 0.1.2 (1.1k downloads)
VirusTotal API DXL Python Service 0.1.2 Release
- Updated to be consistent with bootstrap 0.1.4
Version 0.1.1 (1.1k downloads)
VirusTotal API DXL Python Service 0.1.1 Release
- Updated Dockerfile to use slim vs. alpine (glibc issues)
- Updated Dockerfile to include VOLUME definition
Version 0.1.0 (1.1k downloads)
Initial release
VirusTotal API DXL Service
Version: 0.1.0
The OpenDXL VirusTotal service exposes access to the VirusTotal API via the Data Exchange Layer (DXL) fabric.
Solutions
VirusTotal API DXL Service
The VirusTotal API DXL Service.
VirusTotal Public API Reference
- Version: 0.2.0
Services
VirusTotal API DXL Service
The VirusTotal DXL service exposes access to the VirusTotal API via the Data Exchange Layer (DXL) fabric.
VirusTotal API DXL Python Service (GitHub)
- Version: 0.2.0
Requests
/opendxl-virustotal/service/vtapi/domain/report
Invokes a VirusTotal 'domain address report' command and returns the results.
VirusTotal Public API v2.0 Reference: 'Retrieving domain reports'
The contents of the DXL response payload exactly match the response returned by the VirusTotal API. Please see the VirusTotal Public API Reference for further details.
{
"BitDefender category": "parked",
"Dr.Web category": "known infection source",
"Forcepoint ThreatSeeker category": "uncategorized",
"Websense ThreatSeeker category": "uncategorized",
"Webutation domain info": {
"Adult content": "yes",
"Safety score": 40,
"Verdict": "malicious"
},
"categories": [
"parked",
"uncategorized"
],
"detected_downloaded_samples": [
{
"date": "2013-06-20 18:51:30",
"positives": 2,
"sha256": "cd8553d9b24574467f381d13c7e0e1eb1e58d677b9484bd05b9c690377813e54",
"total": 46
}
],
"detected_referrer_samples": [
],
"detected_urls": [
{
"positives": 1,
"scan_date": "2016-11-09 21:36:51",
"total": 68,
"url": "http://027.ru/testing"
},
{
"positives": 2,
"scan_date": "2015-02-18 08:54:52",
"total": 62,
"url": "http://027.ru/index.html"
}
],
"domain_siblings": [
],
"resolutions": [
{
"ip_address": "185.53.177.31",
"last_resolved": "2018-09-03 10:58:50"
},
{
"ip_address": "46.38.62.7",
"last_resolved": "2019-02-03 04:49:26"
}
],
"response_code": 1,
"subdomains": [
"www.027.ru",
"test.027.ru"
],
"undetected_downloaded_samples": [
{
"date": "2018-01-14 22:34:24",
"positives": 0,
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"total": 70
}
],
"undetected_referrer_samples": [
{
"date": "2018-03-04 16:38:06",
"positives": 0,
"sha256": "ce08cf22949b6b6fcd4e61854ce810a4f9ee04529340dd077fa354d759dc7a95",
"total": 66
},
{
"positives": 0,
"sha256": "b8f5db667431d02291eeec61cf9f0c3d7af00798d0c2d676fde0efb0cedb7741",
"total": 53
}
],
"undetected_urls": [
],
"verbose_msg": "Domain found in dataset",
"whois": "domain: 027.RU\nnserver: ns1.nevstruev.ru.\nnserver: ns2.nevstruev.ru.\nstate: REGISTERED, DELEGATED, VERIFIED\nregistrar: RU-CENTER-RU\ncreated: 2005-12-08T21:00:00Z\npaid-till: 2019-12-08T21:00:00Z\nsource: TCI\nLast updated on 2019-02-03T04:46:31Z",
"whois_timestamp": 1549169366
}
/opendxl-virustotal/service/vtapi/file/report
Invokes a VirusTotal 'file report' command and returns the results.
VirusTotal Public API v2.0 Reference: 'Retrieving file scan reports'
{
"resource": "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71-1549331758"
}
- resource (string): Hash (md5/sha1/sha256) of the file or SHA-256 hash ('scan_id') of the specific existing report you wish to retrieve. You can also specify a CSV list made up of a combination of any of the three allowed hashes (up to 4 items). Note that the file(s) must already be present in the VirusTotal file store.
The contents of the DXL response payload exactly match the response returned by the VirusTotal API. Please see the VirusTotal Public API Reference for further details.
{
"md5": "99017f6eebbac24f351415dd410d522d",
"permalink": "https://www.virustotal.com/file/52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c/analysis/1273894724/",
"positives": 1,
"resource": "99017f6eebbac24f351415dd410d522d",
"response_code": 1,
"scan_date": "2010-05-15 03:38:44",
"scan_id": "52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c-1273894724",
"scans": {
"F-Prot": {
"detected": false,
"result": null,
"update": "20100514",
"version": "4.5.1.85"
},
"McAfee": {
"detected": true,
"result": "Generic.dx!rkx",
"update": "20100515",
"version": "5.400.0.1158"
}
},
"sha1": "4d1740485713a2ab3a4f5822a01f645fe8387f92",
"sha256": "52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c",
"total": 2,
"verbose_msg": "Scan finished, scan information embedded in this object"
}
- Error Code: 0
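An added example, not part of the service's own code: a client-side helper that validates the `resource` value against the rules stated above before a request is sent to the file/report topic, and reduces the response to the fields a triage rule needs. The function names are hypothetical, the DXL transport is left out so the block runs offline, and the sample response is trimmed from the one shown on this page.

```python
import json
import re

# Topic string copied from this page; sending it over DXL is not shown here.
FILE_REPORT_TOPIC = "/opendxl-virustotal/service/vtapi/file/report"
MAX_RESOURCES = 4  # "up to 4 items" per the parameter description

# md5 (32 hex), sha1 (40 hex), sha256 (64 hex) or scan_id (sha256-timestamp).
_RESOURCE_RE = re.compile(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}(-\d+)?")

# Trimmed from the sample file report response on this page.
SAMPLE_REPORT = b"""{"response_code": 1, "positives": 1, "total": 2,
  "sha256": "52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c",
  "scans": {"F-Prot": {"detected": false, "result": null},
            "McAfee": {"detected": true, "result": "Generic.dx!rkx"}}}"""


def build_file_report_payload(resources):
    """Validate the resources and return the JSON request payload as bytes."""
    items = [resources] if isinstance(resources, str) else list(resources)
    items = [r.strip() for r in items]
    if not 1 <= len(items) <= MAX_RESOURCES:
        raise ValueError("expected 1 to %d resources" % MAX_RESOURCES)
    for r in items:
        if not _RESOURCE_RE.fullmatch(r):
            raise ValueError("not a hash or scan_id: %r" % r)
    return json.dumps({"resource": ",".join(items)}).encode("utf-8")


def summarize_file_report(payload):
    """Reduce a response payload to one triage summary per report."""
    data = json.loads(payload.decode("utf-8"))
    # A CSV request yields a JSON list of reports, a single resource one object.
    summaries = []
    for report in data if isinstance(data, list) else [data]:
        if report.get("response_code") != 1:  # 1 = report found and embedded
            summaries.append({"found": False, "resource": report.get("resource")})
            continue
        hits = {name: scan.get("result")
                for name, scan in (report.get("scans") or {}).items()
                if scan.get("detected")}
        summaries.append({"found": True, "sha256": report.get("sha256"),
                          "positives": report.get("positives"),
                          "total": report.get("total"), "detections": hits})
    return summaries
```

Rejecting anything that is not a hash or scan_id on the client side keeps file names, paths and other unintended strings from being forwarded to a third-party API.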
/opendxl-virustotal/service/vtapi/file/rescan
Invokes a VirusTotal 'file rescan' command and returns the results.
VirusTotal Public API v2.0 Reference: 'Rescanning already submitted files'
The contents of the DXL response payload exactly match the response returned by the VirusTotal API. Please see the VirusTotal Public API Reference for further details.
{
"permalink": "https://www.virustotal.com/file/__sha256hash__/analysis/1390472785/",
"resource": "7657fcb7d772448a6d8504e4b20168b8",
"response_code": 1,
"scan_id": "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71-1390472785",
"sha256": "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71"
}
- Error Code: 0
/opendxl-virustotal/service/vtapi/ip-address/report
Invokes a VirusTotal 'IP address report' command and returns the results.
VirusTotal Public API v2.0 Reference: 'Retrieving IP address reports'
The contents of the DXL response payload exactly match the response returned by the VirusTotal API. Please see the VirusTotal Public API Reference for further details.
{
"as_owner": ".masterhost autonomous system",
"asn": "25532",
"continent": "EU",
"country": "RU",
"detected_downloaded_samples": [
{
"date": "2017-10-22 02:45:39",
"positives": 1,
"sha256": "a2765185a15d8deebc76ae0fede9aca69ff8a838f80ba80aca269e93ad028d11",
"total": 63
},
{
"date": "2017-10-12 01:34:54",
"positives": 27,
"sha256": "24da30bc528fc99eea326e40405422e6077793aa439c6da38f6103286155621b",
"total": 50
}
],
"detected_urls": [
{
"positives": 2,
"scan_date": "2018-06-15 05:59:02",
"total": 68,
"url": "http://www.npftin.ru/"
},
{
"positives": 1,
"scan_date": "2018-06-15 04:00:18",
"total": 67,
"url": "http://coloreat.ru/people?order=user_login"
}
],
"network": "90.156.128.0/17",
"resolutions": [
{
"hostname": "otvody.trubarm.ru",
"last_resolved": "2017-09-17 00:00:00"
},
{
"hostname": "ourfoods.ru",
"last_resolved": "2018-08-26 14:39:39"
}
],
"response_code": 1,
"undetected_downloaded_samples": [
{
"date": "2019-02-06 10:31:56",
"positives": 0,
"sha256": "ace5dc20c9d255e174e21d2334caac90ac4f45e9e0da16076811185d0717b5e9",
"total": 59
},
{
"date": "2019-02-06 10:21:46",
"positives": 0,
"sha256": "b0e4a3d9fbc32b6b3f7d6460572036e811854c24205b795c4a601f132f83f65e",
"total": 58
}
],
"undetected_urls": [
[
"http://ethology.ru/video/?id=77",
"54ad59859c6d370b2f8c6e8012849d9ad8469a0f2be1593856c7279eb5b87975",
0,
69,
"2019-02-03 14:09:23"
],
[
"http://profinews.ru/",
"522db998c133ed88074533d3076264b900317c51e5469d802d8d1fe4ef508f19",
0,
69,
"2019-01-21 12:18:07"
]
],
"verbose_msg": "IP address in dataset",
"whois": "Last updated on 2019-01-10T06:11:31Z",
"whois_timestamp": 1547100971
}
- Error Code: 0
/opendxl-virustotal/service/vtapi/url/report
Invokes a VirusTotal 'URL report' command and returns the results.
VirusTotal Public API v2.0 Reference: 'Retrieving URL scan reports'
{
"resource": "http://www.virustotal.com"
}
- resource (string): URL for which to retrieve the most recent report. You may also specify a 'scan_id' (sha256-timestamp as returned by the URL submission API) to access a specific report. At the same time, you can specify a CSV list made up of a combination of hashes and 'scan_id's so as to perform a batch request with one single call (up to 4 resources per call with the standard request rate). When sending multiples, the 'scan_id's or URLs must be separated by a new line character.
The contents of the DXL response payload exactly match the response returned by the VirusTotal API. Please see the VirusTotal Public API Reference for further details.
{
"filescan_id": null,
"permalink": "https://www.virustotal.com/url/1db0ad7dbcec0676710ea0eaacd35d5e471d3e11944d53bcbd31f0cbd11bce31/analysis/1549563068/",
"positives": 0,
"resource": "http://www.virustotal.com",
"response_code": 1,
"scan_date": "2019-02-07 18:11:08",
"scan_id": "1db0ad7dbcec0676710ea0eaacd35d5e471d3e11944d53bcbd31f0cbd11bce31-1549563068",
"scans": {
"Avira": {
"detected": false,
"result": "clean site"
},
"CLEAN MX": {
"detected": false,
"result": "clean site"
}
},
"total": 2,
"url": "http://www.virustotal.com/",
"verbose_msg": "Scan finished, scan information embedded in this object"
}
- Error Code: 0
/opendxl-virustotal/service/vtapi/url/scan
Invokes a VirusTotal 'URL scan' command and returns the results.
VirusTotal Public API v2.0 Reference: 'Sending and scanning URLs'
The contents of the DXL response payload exactly match the response returned by the VirusTotal API. Please see the VirusTotal Public API Reference for further details.
{
"permalink": "https://www.virustotal.com/url/1db0ad7dbcec0676710ea0eaacd35d5e471d3e11944d53bcbd31f0cbd11bce31/analysis/1549501826/",
"resource": "http://www.virustotal.com/",
"response_code": 1,
"scan_date": "2019-02-07 01:10:26",
"scan_id": "1db0ad7dbcec0676710ea0eaacd35d5e471d3e11944d53bcbd31f0cbd11bce31-1549501826",
"url": "http://www.virustotal.com/",
"verbose_msg": "Scan request successfully queued, come back later for the report"
}
- Error Code: 0