VirusTotal · Capability

VirusTotal API v3 - IoC Investigation — IoC Investigation - Zipping files

VirusTotal API v3 - IoC Investigation — IoC Investigation - Zipping files. 4 operations. Lead operation: Create a Password-protected ZIP with Google Threat Intelligence Files. Self-contained Naftiko capability covering one VirusTotal business surface.

Run with Naftiko VirusTotalIoC InvestigationZipping files

What You Can Do

POST
Zipfiles — VirusTotal Create a Password-protected ZIP with Google Threat Intelligence Files
/v1/intelligence/zip_files
GET
Getzipfile — VirusTotal Check a ZIP File’s Status
/v1/intelligence/zip_files/{id}
GET
Zipfilesdownload — VirusTotal Download a ZIP File
/v1/intelligence/zip_files/{id}/download
GET
Zipfilesdownloadurl — VirusTotal Get a ZIP File’s Download URL
/v1/intelligence/zip_files/{id}/download_url

MCP Tools

create-password-protected-zip-google

VirusTotal Create a Password-protected ZIP with Google Threat Intelligence Files

check-zip-file-s-status

VirusTotal Check a ZIP File’s Status

read-only idempotent
download-zip-file

VirusTotal Download a ZIP File

read-only idempotent
get-zip-file-s-download

VirusTotal Get a ZIP File’s Download URL

read-only idempotent

Capability Spec

ioc-investigation-ioc-investigation-zipping-files.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: VirusTotal API v3 - IoC Investigation — IoC Investigation - Zipping files
  description: 'VirusTotal API v3 - IoC Investigation — IoC Investigation - Zipping files. 4 operations. Lead operation: Create a Password-protected ZIP with Google Threat Intelligence Files. Self-contained
    Naftiko capability covering one VirusTotal business surface.'
  tags:
  - VirusTotal
  - IoC Investigation
  - Zipping files
  created: '2026-05-29'
  modified: '2026-05-29'
binds:
- namespace: env
  keys:
    VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
  consumes:
  - type: http
    namespace: ioc-investigation-ioc-investigation-zipping-files
    baseUri: https://www.virustotal.com/api/v3
    description: VirusTotal API v3 - IoC Investigation — IoC Investigation - Zipping files. Self-contained, no shared references.
    authentication:
      type: apikey
      key: x-apikey
      value: '{{env.VIRUSTOTAL_API_KEY}}'
      placement: header
    resources:
    - name: intelligence-zip-files
      path: /intelligence/zip_files
      operations:
      - name: zipFiles
        method: POST
        description: VirusTotal Create a Password-protected ZIP with Google Threat Intelligence Files
        inputParameters:
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-zip-files-id
      path: /intelligence/zip_files/{id}
      operations:
      - name: getZipFile
        method: GET
        description: VirusTotal Check a ZIP File’s Status
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: ZIP file identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-zip-files-id-download
      path: /intelligence/zip_files/{id}/download
      operations:
      - name: zipFilesDownload
        method: GET
        description: VirusTotal Download a ZIP File
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: ZIP file identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-zip-files-id-download-url
      path: /intelligence/zip_files/{id}/download_url
      operations:
      - name: zipFilesDownloadUrl
        method: GET
        description: VirusTotal Get a ZIP File’s Download URL
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: ZIP file identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: ioc-investigation-ioc-investigation-zipping-files-rest
    port: 8080
    description: REST adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Zipping files. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/intelligence/zip_files
      name: intelligence-zip-files
      description: REST surface for /intelligence/zip_files.
      operations:
      - method: POST
        name: zipFiles
        description: VirusTotal Create a Password-protected ZIP with Google Threat Intelligence Files
        call: ioc-investigation-ioc-investigation-zipping-files.zipFiles
        outputParameters:
        - type: object
          mapping: $.
        with:
          body: rest.body
    - path: /v1/intelligence/zip_files/{id}
      name: intelligence-zip-files-id
      description: REST surface for /intelligence/zip_files/{id}.
      operations:
      - method: GET
        name: getZipFile
        description: VirusTotal Check a ZIP File’s Status
        call: ioc-investigation-ioc-investigation-zipping-files.getZipFile
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/intelligence/zip_files/{id}/download
      name: intelligence-zip-files-id-download
      description: REST surface for /intelligence/zip_files/{id}/download.
      operations:
      - method: GET
        name: zipFilesDownload
        description: VirusTotal Download a ZIP File
        call: ioc-investigation-ioc-investigation-zipping-files.zipFilesDownload
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/intelligence/zip_files/{id}/download_url
      name: intelligence-zip-files-id-download-url
      description: REST surface for /intelligence/zip_files/{id}/download_url.
      operations:
      - method: GET
        name: zipFilesDownloadUrl
        description: VirusTotal Get a ZIP File’s Download URL
        call: ioc-investigation-ioc-investigation-zipping-files.zipFilesDownloadUrl
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
  - type: mcp
    namespace: ioc-investigation-ioc-investigation-zipping-files-mcp
    port: 9090
    transport: http
    description: MCP adapter for VirusTotal API v3 - IoC Investigation — IoC Investigation - Zipping files. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: create-password-protected-zip-google
      description: VirusTotal Create a Password-protected ZIP with Google Threat Intelligence Files
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: ioc-investigation-ioc-investigation-zipping-files.zipFiles
      outputParameters:
      - type: object
        mapping: $.
      with:
        body: tools.body
    - name: check-zip-file-s-status
      description: VirusTotal Check a ZIP File’s Status
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-zipping-files.getZipFile
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: download-zip-file
      description: VirusTotal Download a ZIP File
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-zipping-files.zipFilesDownload
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-zip-file-s-download
      description: VirusTotal Get a ZIP File’s Download URL
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: ioc-investigation-ioc-investigation-zipping-files.zipFilesDownloadUrl
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id