More than 3 years have passed since last update.

ハッシュリストをVTに突っ込んで検知結果をリストで受け取る X-FORCE もあるよ

Last updated at 2020-10-29Posted at 2019-12-02

エモいやつのハッシュ値リストをまとめてVTでチェックするスクリプトです。
APIでまとめて取得します。クエリ量制限(4回/分)があるのでゆっくり待ちましょう

import requests
import json
import pandas as pd 
import time
import csv 


hashlist= [
'c9e17e63de9b882e820c829b415a4e13070453c8',
'dee5ff1d1910e27c2b6aed7ddffce3c3be6356d4']
url = 'https://www.virustotal.com/vtapi/v2/file/report'

apikey ='USE_YOUR_API_KEY'

f = open('vt_output.csv', 'w')
writer = csv.writer(f, lineterminator='\n')

for hash in hashlist:
    print(hash)
    params = {'apikey': apikey, 'resource': hash}
    response = requests.get(url, params=params)
    l = [hash]
    response_code =response.json()['response_code']
    l.append(response_code)
    if response_code == 1:
        df=pd.read_json( json.dumps(response.json()))
        for x in range(df.index.size):
            l.append(df['scans'][x]['result'])
    writer.writerow(l)
	time.sleep(25)
f.close()

結果はリストで取得できます。

1	Trojan.Downloader.DOC.Gen	Other:Malware-gen [Trj]	W97m.Downloader.IQU	Trojan.MSWord.Generic.4!c	VBA/Downloader.S70	W97m.Downloader.IQU	Other:Malware-gen [Trj]		VBA/Dldr.Agent.zzlmg		W97m.Downloader.IQU			W97M.Emotet.36301		Doc.Dropper.Emotet-7399725-0		W97M/Downldr.HB.gen!Eldorado	W97M.DownLoader.4186	VBA/TrojanDownloader.Agent.QMI		malicious (high confidence)		Malware.VBA/Dldr.Agent.zzlmg	W97m.Downloader.IQU	VBA/Agent.QLT!tr.dldr	Macro.Trojan.Kryptik.NK@susp	Trojan-Downloader.VBA.Emotet				HEUR:Trojan.MSOffice.SAgent.gen		malware (ai score=89)			W97M/Downloader.xx	BehavesLike.Downloader.cg	W97m.Downloader.IQU	TrojanDownloader:O97M/Emotet.GF!MTB	Trojan.Script.Downloader.ghylsa	O97M/Downloader	virus.office.obfuscated.1			DFI - Malicious OLE	Mal/DocDl-K	Trojan.Gen.2	Suspicious/W97M.Obfus.Gen.8	Heur.Macro.Generic.Gen.f		Trojan.W97M.EMOTET.JKBG	Trojan.W97M.EMOTET.JKBG				Trojan.AvsMofer.bSGLro		HEUR:Trojan.MSOffice.SAgent.gen	Probably W97Obfuscated

X-FORCEでIPをチェックしてスコアを取得するやつも作りました

import requests
import json
import pandas as pd 
import time
import csv 

iplist =[
'8.8.8.8',
'7.7.7.7'
]


url = 'https://api.xforce.ibmcloud.com/ipr/' 

apikey ='Basic YOURKEY'

f = open('x_output.csv', 'w')
writer = csv.writer(f, lineterminator='\n')


for ip in iplist:
    print(ip)
    headers = {'Authorization': apikey}
    full = url + ip
    response = requests.get(full, headers=headers)
    l = [ip]
    l.append(response.json()["score"])
    l.append(response.json()["cats"])
    l.append(response.json()["categoryDescriptions"])
    writer.writerow(l)
    time.sleep(5)
f.close()

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up