From 641dda010393d638327e5cca9a72e84b84f5f956 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Thu, 18 Jul 2019 21:38:17 +0200 Subject: [PATCH] add: Parsing downloaded samples as well as the referrer ones --- misp_modules/modules/expansion/virustotal_public.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/expansion/virustotal_public.py b/misp_modules/modules/expansion/virustotal_public.py index faababc..46a636e 100644 --- a/misp_modules/modules/expansion/virustotal_public.py +++ b/misp_modules/modules/expansion/virustotal_public.py @@ -75,9 +75,10 @@ class DomainQuery(VirusTotalParser): def parse_report(self, query_result): hash_type = 'sha256' whois = 'whois' - for feature in ('undetected_referrer_samples', 'detected_referrer_samples'): - for sample in query_result[feature]: - self.misp_event.add_attribute(hash_type, sample[hash_type]) + for feature_type in ('referrer', 'dowloaded'): + for feature in ('undetected_{}_samples', 'detected_{}_samples'): + for sample in query_result[feature.format(feature_type)]: + self.misp_event.add_attribute(hash_type, sample[hash_type]) if query_result.get(whois): whois_object = MISPObject(whois) whois_object.add_attribute('text', type='text', value=query_result[whois])