ranguli / ioccheck

A tool for simplifying the process of researching IOCs.
MIT License

.ioccheck does not exist. #27

Closed nakagit closed 3 years ago

nakagit commented 3 years ago

I just installed ioccheck, but it didn't work well. It seems I need to configure something.

What I executed and the errors I got are the following:

```
$ /home/ubuntu/.local/bin/ioccheck 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f

v0.3.1 (https://github.com/ranguli/ioccheck)

Checking IOC 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f.

[*] Checking if IOC is a valid file hash.
[!] File /home/ubuntu/.ioccheck does not exist.
```

[Question] How can I create the .ioccheck file? (Ubuntu 20.04)

Kind regards, Nakagit

ranguli commented 3 years ago

Hi @nakagit,

Thank you for pointing this out. At the moment this file is not yet created for the user when they install ioccheck, so I will need to fix that. For right now, you can create that file manually using this as a reference (but of course you will need to obtain your own API credentials from the various services you wish to use).

Let me know if this solves your issue. Thanks!
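The config file discussed in this thread holds an API key, so it is worth creating it with owner-only permissions and checking them before use. The following is an added example, not ioccheck's own code; it assumes the file is plain INI in the `[virustotal]` / `api_key=` form shown later in this thread, and the key value is a constructed placeholder.

```python
"""Create and read a ~/.ioccheck-style INI file with a VirusTotal API key."""
import configparser
import os
import stat
import tempfile
from pathlib import Path


def write_ioccheck_config(path: Path, virustotal_api_key: str) -> None:
    """Write the [virustotal] section; the key is a secret, so create the file
    with mode 0600 up front instead of chmod-ing it after it already exists."""
    config = configparser.ConfigParser()
    config["virustotal"] = {"api_key": virustotal_api_key}
    # O_EXCL refuses to clobber an existing file; 0o600 is applied at creation,
    # so there is no window where other local users can read the key.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        config.write(handle)


def load_virustotal_key(path: Path) -> str:
    """Read the key back, reporting a missing file the way the tool does and
    refusing a file that is readable or writable by group/other."""
    if not path.exists():
        raise FileNotFoundError(f"File {path} does not exist.")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to other users (mode {mode:o})")
    config = configparser.ConfigParser()
    config.read(path)
    return config["virustotal"]["api_key"]


def roundtrip_demo() -> tuple:
    """Write a config into a temporary directory and read it back.
    Returns (file mode bits, api key); the key is a constructed placeholder."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".ioccheck"
        write_ioccheck_config(path, "PLACEHOLDER_VT_API_KEY")
        mode = stat.S_IMODE(path.stat().st_mode)
        return mode, load_virustotal_key(path)


if __name__ == "__main__":
    print(roundtrip_demo())
```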

nakagit commented 3 years ago

Hi @ranguli,

Thank you so much for your reply. :)

I created the file, /home/ubuntu/.ioccheck, as follows (only for VirusTotal):

```
[virustotal]
api_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

And I got some response, but also some errors, as follows:

```
$ /home/ubuntu/.local/bin/ioccheck 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
<ioccheck ASCII-art banner omitted>

v0.3.1 (https://github.com/ranguli/ioccheck)

Checking IOC 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f.

[*] Checking if IOC is a valid file hash.
[*] Hashing algorithm: SHA256
[*] VirusTotal tags: text, attachment, via-tor
[*] VirusTotal URL: https://virustotal.com/gui/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f/
[*] VirusTotal detections: 57 engines (76%) detected this file.
```

| Antivirus | Detection |
|---|---|
| Elastic | eicar |
| MicroWorld-eScan | EICAR-Test-File |
| CAT-QuickHeal | EICAR.TestFile |
| ALYac | Misc.Eicar-Test-File |
| Zillya | EICAR.TestFile |
| SUPERAntiSpyware | NotAThreat.EICAR[TestFile] |
| Sangfor | EICAR-Test-File |
| K7AntiVirus | EICAR_Test_File |
| Alibaba | Trojan:MacOS/eicar.com |
| K7GW | EICAR_Test_File |
| Baidu | Win32.Test.Eicar.a |
| Cyren | EICAR_Test_File |
| SymantecMobileInsight | ALG:EICAR Test String |
| Symantec | EICAR Test String |
| ESET-NOD32 | Eicar test file |
| APEX | EICAR Anti-Virus Test File |
| Avast | EICAR Test-NOT virus!!! |
| ClamAV | Win.Test.EICAR_HDB-1 |
| Kaspersky | EICAR-Test-File |
| BitDefender | EICAR-Test-File (not a virus) |
| NANO-Antivirus | Marker.Dos.EICAR-Test-File.dyb |
| AegisLab | Test.File.EICAR.y |
| Tencent | EICAR.TEST.NOT-A-VIRUS |
| Ad-Aware | EICAR-Test-File (not a virus) |
| Comodo | Malware@#2975xfk8s2pq1 |
| DrWeb | EICAR Test File (NOT a Virus!) |
| VIPRE | EICAR (v) |
| TrendMicro | Eicar_test_file |
| McAfee-GW-Edition | EICAR test file |
| FireEye | EICAR-Test-File (not a virus) |
| Emsisoft | EICAR-Test-File (not a virus) (B) |
| SentinelOne | Static AI - Malicious COM |
| GData | EICAR_TEST_FILE |
| Jiangmin | EICAR-Test-File |
| Webroot | W32.Eicar.Testvirus.Gen |
| Avira | Eicar-Test-Signature |
| MAX | malware (ai score=100) |
| Gridinsoft | PUP.U.EICAR_Test_File.dd |
| Microsoft | Virus:DOS/EICAR_Test_File |
| ViRobot | EICAR-test |
| Avast-Mobile | Eicar |
| Cynet | Malicious (score: 99) |
| AhnLab-V3 | Virus/EICAR_Test_File |
| McAfee | EICAR test file |
| TACHYON | EICAR-Test-File |
| VBA32 | EICAR-Test-File |
| Zoner | EICAR.Test.File-NoVirus.250 |
| TrendMicro-HouseCall | Eicar_test_file |
| Rising | EICAR-Test-File (CLASSIC) |
| Yandex | EICAR_test_file |
| Ikarus | EICAR-Test-File |
| MaxSecure | VIRUS.EICAR.TEST |
| Fortinet | EICAR_TEST_FILE |
| BitDefenderTheta | EICAR-Test-File (not a virus) |
| AVG | EICAR Test-NOT virus!!! |
| Panda | EICAR-AV-TEST-FILE |
| Qihoo-360 | qex.eicar.gen.gen |

```
[*] VirusTotal reputation: 3404
Traceback (most recent call last):
  File "/home/ubuntu/.local/bin/ioccheck", line 8, in <module>
    sys.exit(run())
  File "/home/ubuntu/.local/lib/python3.8/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/home/ubuntu/.local/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/home/ubuntu/.local/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/ubuntu/.local/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/ubuntu/.local/lib/python3.8/site-packages/ioccheck/cli/__init__.py", line 169, in run
    ioc_type.get("results")(ioc, heading_color)
  File "/home/ubuntu/.local/lib/python3.8/site-packages/ioccheck/cli/__init__.py", line 117, in hash_results
    virustotal_results(_hash, heading_color)
  File "/home/ubuntu/.local/lib/python3.8/site-packages/ioccheck/cli/__init__.py", line 86, in virustotal_results
    if formatter.popular_threat_names:
  File "/home/ubuntu/.local/lib/python3.8/site-packages/ioccheck/cli/formatters/virustotal.py", line 91, in popular_threat_names
    if self.service.popular_threat_names
  File "/home/ubuntu/.local/lib/python3.8/site-packages/ioccheck/services/virustotal.py", line 96, in popular_threat_names
    return [name[0] for name in names] if names else None
  File "/home/ubuntu/.local/lib/python3.8/site-packages/ioccheck/services/virustotal.py", line 96, in <listcomp>
    return [name[0] for name in names] if names else None
KeyError: 0
```

[Question] Do I need to care about the above errors?

Thanks in advance, Nakagit
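The `KeyError: 0` at the end of the traceback means the entries in `names` are mappings (dict-like objects) rather than the `(name, count)` sequences that `name[0]` expects. The block below is an added example, not ioccheck's code or its fix: it reproduces that failure on a constructed sample shaped like VirusTotal's v3 `popular_threat_classification` field (assumed to be a list of `{"count": ..., "value": ...}` dicts) and shows a tolerant extractor that handles dicts, pairs and bare strings without aborting the whole lookup.

```python
"""Reproduce `KeyError: 0` from `name[0]` and extract threat names safely."""
from typing import Any, Iterable, List, Optional

# Constructed sample: assumed shape of VirusTotal v3 popular_threat_classification.
SAMPLE_V3 = {
    "suggested_threat_label": "virus.eicar/test",
    "popular_threat_name": [
        {"count": 30, "value": "eicar"},
        {"count": 12, "value": "test"},
    ],
}

# Constructed sample in the (name, count) pair shape that `name[0]` does handle.
SAMPLE_PAIRS = [("eicar", 30), ("test", 12)]


def naive_threat_names(names: Iterable[Any]) -> Optional[List[str]]:
    """The pattern seen in the traceback: index every entry with 0.
    Fine for pairs, but a dict entry has no key 0, hence KeyError: 0."""
    names = list(names)
    return [name[0] for name in names] if names else None


def threat_names(names: Iterable[Any]) -> List[str]:
    """Accept dict entries ({"value": ...}), (name, count) pairs and bare
    strings; silently skip malformed entries rather than crashing the CLI."""
    out: List[str] = []
    for entry in names:
        if isinstance(entry, dict):
            value = entry.get("value")
        elif isinstance(entry, str):
            value = entry
        elif isinstance(entry, (list, tuple)) and entry:
            value = entry[0]
        else:
            value = None
        if isinstance(value, str) and value:
            out.append(value)
    return out


def naive_fails_on_dicts() -> bool:
    """True if the naive extractor raises exactly KeyError: 0 on dict entries."""
    try:
        naive_threat_names(SAMPLE_V3["popular_threat_name"])
    except KeyError as exc:
        return exc.args == (0,)
    return False
```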

ranguli commented 3 years ago

Hi @nakagit,

Those errors should not occur, I was able to reproduce them on v0.3.1. I will look into what is causing them and try to come up with a fix. Thank you for reporting!

ranguli commented 3 years ago

Hi @nakagit, I forgot to follow up and reply to this issue. A fix has been merged and will be included in the next release! Thanks once again for reporting this bug.