Adding VirusTotal


Cecil Jackson

Nov 27, 2024, 7:47:44 AM
to Wazuh | Mailing List
I cannot seem to add VirusTotal to Wazuh.

I get an error.
<integration>
  <name>virustotal</name>
  <api_key>2x</api_key>
  <group>syscheck</group>
  <alert_format>json</alert_format>
</integration>

I know my VirusTotal is good with curl.
curl https://www.virustotal.com/vtapi/v2/file/report -F resource=2x -F apikey=<x>
cj@cj-OptiPlex-7050:~$ curl https://www.virustotal.com/vtapi/v2/file/report -F resource=2x  -F apikey=13c5d866339930ec6e959a2478eac665dfcf6fd5e41a88182ec361daaf7f4253


Julio Gasco

Nov 27, 2024, 6:52:01 PM
to Wazuh | Mailing List
Hi Cecil,
Can you please share the output of the following command?

cat /var/ossec/logs/ossec.log | grep -i virustotal

We can have an idea if there is a problem with the integration.

Also, the virustotal scripts are included by default in the installation, but just in case, can you check that the following files exist with these permissions in /var/ossec/integrations:
-rwxr-x--- 1 root wazuh  1045 ago 19 14:23 virustotal
-rwxr-x--- 1 root wazuh 11088 ago 19 14:23 virustotal.py

Regards!
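
The two checks from the reply above, combined into one script. This is an added example, not part of the original thread or Wazuh's own tooling: the function names are hypothetical, mode 750 and root:wazuh ownership are read from the listing in the reply, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: the two checks from the reply above as one script.
# Paths, mode 750 and root:wazuh come from the thread; function names are
# hypothetical. Assumes GNU stat (Linux), run as root on the Wazuh manager.

INTEGRATIONS_DIR=/var/ossec/integrations
OSSEC_LOG=/var/ossec/logs/ossec.log

# check_script FILE MODE OWNER:GROUP
# Returns 0 if OK, 1 if missing, 2 on wrong mode, 3 on wrong owner/group.
check_script() {
    file=$1; want_mode=$2; want_owner=$3
    if [ ! -f "$file" ]; then
        echo "MISSING   $file"; return 1
    fi
    have_mode=$(stat -c '%a' "$file")
    have_owner=$(stat -c '%U:%G' "$file")
    if [ "$have_mode" != "$want_mode" ]; then
        echo "BAD MODE  $file is $have_mode, expected $want_mode"; return 2
    fi
    if [ "$have_owner" != "$want_owner" ]; then
        echo "BAD OWNER $file is $have_owner, expected $want_owner"; return 3
    fi
    echo "OK        $file"
}

# check_all DIR OWNER:GROUP: both files must pass; returns 1 otherwise.
check_all() {
    failed=0
    for name in virustotal virustotal.py; do
        check_script "$1/$name" 750 "$2" || failed=1
    done
    return "$failed"
}

# virustotal_log_lines LOGFILE: integration-related lines, if any.
virustotal_log_lines() {
    grep -i 'virustotal' "$1" || true
}

# Run the real checks only when asked, e.g.: sudo sh check_vt.sh run
if [ "${1:-}" = "run" ]; then
    check_all "$INTEGRATIONS_DIR" root:wazuh
    virustotal_log_lines "$OSSEC_LOG"
fi
```

A wrapper or script that the group `wazuh` cannot read and execute is reported as BAD MODE or BAD OWNER, which is the condition the permission listing in the reply is meant to rule out.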
