Virustotal enrichement not returning hash types

[vedd3r]

Hi,

When using the virustotal module to expand a hash previously I would get a return of 3 types of hash which are MD5, SHA1 and SHA256. However, when I do a git pull to update the misp-modules and upgrade it, it now only returns back a single hash value and most of the time it's the same hash value which I was trying to expand.

I my upgrade the modules using the below procedure:

• cd /usr/local/src/misp-module
• git pull
• pip3 install --upgrade -r REQUIREMENTS
• pip3 install --upgrade .

and restart the misp-modules.

Is there anything wrong with the upgrade procedure I'm using or is it a bug in the code? I can confirm that VirusTotal has all the hash type (MD5, SHA-1 and SHA-256) of the SHA-1 value which I was querying.

FYI, I am using a public API key.

Thanks.

[StefanKelm]

Can confirm this behaviour from over here (2.4.93).

[vedd3r]

Also, passivetotal module keeps returning with "Error" when expanding attributes after the update. I'm not too sure where to check for error logs though, if anyone could point me to the right file to look into that will be great. So far only VT and PassiveTotal that seemed to have issues when updating the modules.