[reversinglabs] Fix MD5 STIX patterns

hnhdev · Aug 3, 2024 · afca13b · afca13b
1 parent 5d92e63
commit afca13b
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/internal-enrichment/reversinglabs-malware-presence/src/main.py b/internal-enrichment/reversinglabs-malware-presence/src/main.py
@@ -701,9 +701,14 @@ def _check_file_reputation(
 
                 if results["score"] > 50:
                     # Generate indicator from observable with relationships
-                    indicator_pattern = (
-                        f"[file:hashes. '{self.hash_type}' = '{self.hash}']"
-                    )
+                    if self.hash_type == "MD5":
+                        indicator_pattern = (
+                            f"[file:hashes.{self.hash_type} = '{self.hash}']"
+                        )
+                    else:
+                        indicator_pattern = (
+                            f"[file:hashes.'{self.hash_type}' = '{self.hash}']"
+                        )
                     main_observable_type = "File"
                     indicator_name = self.hash
                     self._generate_stix_indicator(