From 0c63d054dac73bc6611063c2ce4a102a212d7ce4 Mon Sep 17 00:00:00 2001 From: hariomenkel Date: Fri, 12 Jun 2020 09:13:26 +0200 Subject: [PATCH] Update VirustotalDownloader.py Fixed copy/paste error and suggestion from https://github.com/TheHive-Project/Cortex-Analyzers/pull/766#discussion_r436776878 --- VirustotalDownloader.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/VirustotalDownloader.py b/VirustotalDownloader.py index d032b80..5906a98 100644 --- a/VirustotalDownloader.py +++ b/VirustotalDownloader.py @@ -43,9 +43,13 @@ def run(self): kind = filetype.guess(f.name) - if kind.extension != None: + if kind: os.rename(f.name, f.name + "." + kind.extension) filename = f.name + "." + kind.extension + tags = ['src:VirusTotal', str(kind.mime), str(kind.extension), 'parent:' + self.get_param('data.data')] + else: + filename = f.name + tags = ['src:VirusTotal', 'parent:' + self.get_param('data.data')] api = TheHiveApi(self.thehive_url, self.thehive_apikey) @@ -53,7 +57,7 @@ def run(self): data=[filename], tlp=self.get_param('data.tlp'), ioc=True, - tags=['src:VirusTotal', str(kind.mime), str(kind.extension), 'parent:' + self.get_param('data.data')], + tags=tags message='' ) @@ -61,7 +65,7 @@ def run(self): self.report({'message': str(response.status_code)}) else: - self.report({'message': 'Virustotal returned the following error code: ' + str(response.status_code) + ". If you receive 403 this means that $ + self.report({'message': 'Virustotal returned the following error code: ' + str(response.status_code) + ". If you receive 403 this means that you are using the free API instead of the premium API."}) else: self.error('Incorrect dataType. "Hash" expected.')