From 0f19484dc03a210c961a4117902ccf3f001dfe7a Mon Sep 17 00:00:00 2001
From: Spacechrist <70014228+Spacechrist@users.noreply.github.com>
Date: Thu, 9 Jan 2025 13:52:31 +0100
Subject: [PATCH] Update ThreatFoxQuery.py

changed file.hash.256 to file.hash.sha256
---
 ThreatFoxQuery.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ThreatFoxQuery.py b/ThreatFoxQuery.py
index 9cc712b..fc19777 100644
--- a/ThreatFoxQuery.py
+++ b/ThreatFoxQuery.py
@@ -46,7 +46,7 @@
 
 # Process the IOCs and store the result by IOC type
 formatted_iocs = {
-    "file.hash.256": [],
+    "file.hash.sha256": [],
     "file.hash.md5": [],
     "destination.ip": [],  # Changed to destination.ip to match desired output
     "url.domain": [],
@@ -60,7 +60,7 @@
 
     # Append the IOC values to the appropriate list based on the IOC type
     if ioc_type == "sha256_hash":
-        formatted_iocs["file.hash.256"].append(f'"{ioc_value}"')
+        formatted_iocs["file.hash.sha256"].append(f'"{ioc_value}"')
     elif ioc_type == "md5_hash":
         formatted_iocs["file.hash.md5"].append(f'"{ioc_value}"')
     elif ioc_type == "ip:port":
@@ -95,7 +95,7 @@
     writer = csv.writer(csvfile)
     
     # Write headers for the CSV file
-    writer.writerow(['file.hash.256', 'file.hash.md5', 'destination.ip', 'url.domain', 'url.original'])
+    writer.writerow(['file.hash.sha256', 'file.hash.md5', 'destination.ip', 'url.domain', 'url.original'])
     
     # Determine the maximum length of any IOC type list to ensure we loop through all rows
     max_length = max(len(values) for values in formatted_iocs.values())
@@ -103,7 +103,7 @@
     # Write each row of IOCs, padding with empty strings if necessary
     for i in range(max_length):
         row = [
-            formatted_iocs["file.hash.256"][i] if i < len(formatted_iocs["file.hash.256"]) else '',
+            formatted_iocs["file.hash.sha256"][i] if i < len(formatted_iocs["file.hash.sha256"]) else '',
             formatted_iocs["file.hash.md5"][i] if i < len(formatted_iocs["file.hash.md5"]) else '',
             formatted_iocs["destination.ip"][i] if i < len(formatted_iocs["destination.ip"]) else '',  # Updated to destination.ip
             formatted_iocs["url.domain"][i] if i < len(formatted_iocs["url.domain"]) else '',