diff --git a/src/MISP_maltego/transforms/attributetoevent.py b/src/MISP_maltego/transforms/attributetoevent.py
index 08ff39c..703d896 100644
--- a/src/MISP_maltego/transforms/attributetoevent.py
+++ b/src/MISP_maltego/transforms/attributetoevent.py
@@ -1,7 +1,7 @@
 from canari.maltego.entities import Unknown
 from canari.maltego.transform import Transform
 # from canari.framework import EnableDebugWindow
-from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, get_attribute_in_event, attribute_to_entity, get_entity_property
+from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, object_to_entity, get_attribute_in_event, get_attribute_in_object, attribute_to_entity, get_entity_property
 __author__ = 'Christophe Vandeplas'
 __copyright__ = 'Copyright 2018, MISP_maltego Project'
@@ -85,25 +85,28 @@ class AttributeToEvent(Transform):
 pass
 misp = get_misp_connection(config)
-
+ # special Entities
 if 'properties.mispgalaxy' in request.entity.fields:
 tag_name = get_entity_property(request.entity, 'tag_name')
 if not tag_name:
 tag_name = request.entity.value
 events_json = misp.search(controller='events', tags=tag_name, withAttachments=False)
-
+ # FIXME make it work with object to event
+ # standard Entities
 else:
 events_json = misp.search(controller='events', values=request.entity.value, withAttachments=False)
- in_misp = False
+
+ # return the MISPEvent or MISPObject of the attribute
+
 for e in events_json['response']:
- in_misp = True
- response += event_to_entity(e)
- # find the object again, and bookmark it green
- # we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
- if in_misp:
- for e in events_json['response']:
- attr = get_attribute_in_event(e, request.entity.value)
- if attr:
- for item in attribute_to_entity(attr, only_self=True):
- response += item
+ # find the value as attribute
+ attr = get_attribute_in_event(e, request.entity.value)
+ if attr:
+ response += event_to_entity(e)
+ # find the value as object
+ if 'Object' in e['Event']:
+ for o in e['Event']['Object']:
+ if get_attribute_in_object(o, attribute_value=request.entity.value).get('value'):
+ response += object_to_entity(o)
+
 return response
diff --git a/src/MISP_maltego/transforms/common/util.py b/src/MISP_maltego/transforms/common/util.py
index ddaf1d2..856002e 100644
--- a/src/MISP_maltego/transforms/common/util.py
+++ b/src/MISP_maltego/transforms/common/util.py
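Review bot: For galaxy entities the rewritten loop will most likely emit nothing: the `properties.mispgalaxy` branch finds events by tag, but `response += event_to_entity(e)` is now reached only when `get_attribute_in_event(e, request.entity.value)` finds the entity value as a top-level attribute, which a galaxy/tag name is unlikely to be (the removed code returned every event the search produced). Unless dropping galaxy results is intended, record the branch taken, e.g. `is_galaxy = 'properties.mispgalaxy' in request.entity.fields` before the `if`, and emit the event with `if attr or is_galaxy:` / `response += event_to_entity(e)`. The `# FIXME` placed in that branch reads as if the author noticed something is off there; a comment stating the actual gap would help the next reader. The enclosing method starts before this hunk.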
@@ -290,8 +290,8 @@ def object_to_entity(o, link_label=None):
 def object_to_attributes(o, e):
 # first process attributes from an object that belong together (eg: first-name + last-name), and remove them from the list
 if o['name'] == 'person':
- first_name = get_attribute_in_object(o, 'first-name', drop=True).get('value')
- last_name = get_attribute_in_object(o, 'last-name', drop=True).get('value')
+ first_name = get_attribute_in_object(o, attribute_type='first-name', drop=True).get('value')
+ last_name = get_attribute_in_object(o, attribute_type='last-name', drop=True).get('value')
 yield entity_obj_to_entity(Person, ' '.join([first_name, last_name]).strip(), 'person', lastname=last_name, firstnames=first_name, bookmark=Bookmark.Green)
 # process normal attributes
@@ -320,7 +320,7 @@ def get_object_in_event(uuid, e):
 return o
-def get_attribute_in_object(o, attribute_type, drop=False):
+def get_attribute_in_object(o, attribute_type=False, attribute_value=False, drop=False):
 '''Gets the first attribute of a specific type within an object'''
 found_attribute = {'value': ''}
 for i, a in enumerate(o['Attribute']):
@@ -329,6 +329,16 @@ def get_attribute_in_object(o, attribute_type, drop=False):
 if drop: # drop the attribute from the object
 o['Attribute'].pop(i)
 break
+ if a['value'] == attribute_value:
+ found_attribute = a.copy()
+ if drop: # drop the attribute from the object
+ o['Attribute'].pop(i)
+ if '|' in a['type'] or a['type'] == 'malware-sample':
+ if attribute_value in a['value'].split('|'):
+ found_attribute = a.copy()
+ if drop: # drop the attribute from the object
+ o['Attribute'].pop(i)
+
 return found_attribute
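Review bot: The docstring right under the new signature still says `'''Gets the first attribute of a specific type within an object'''`, which no longer covers the `attribute_value` selector, the composite-value matching, or the `drop` side effect; suggest `'''Return the first attribute of object o whose type equals attribute_type, or whose value (or a '|'-separated component of it, for composite types and malware-sample) equals attribute_value; {'value': ''} if none matches. With drop=True the match is removed from o['Attribute'].'''`. Using `False` as the not-given default for two string selectors is also a style smell: `attribute_type=None, attribute_value=None` says what is meant and behaves the same against the `==` and `in` tests in the loop, since a string never equals either sentinel. The loop body that uses these parameters is in the next hunk.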
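Review bot: Neither of the two new value branches ends with `break`, unlike the `attribute_type` branch whose `break` is the third context line of this hunk, so a later attribute with the same value silently replaces `found_attribute` although the function is documented as returning the first match, and with `drop=True` the `o['Attribute'].pop(i)` mutates the list that `enumerate(o['Attribute'])` is still walking, skipping the attribute that shifts into index i. Add `break` after each of the two new `if drop:` blocks, inside the matching `if`, mirroring the existing branch. The signature and the start of the `for i, a in enumerate(...)` loop are outside this hunk.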
@@ -336,10 +346,10 @@ def get_attribute_in_event(e, attribute_value): for a in e['Event']["Attribute"]: if a['value'] == attribute_value: return a - for o in e['Event']['Object']: - for a in o['Attribute']: - if a['value'] == attribute_value: + if '|' in a['type'] or a['type'] == 'malware-sample': + if attribute_value in a['value'].split('|'): return a + return None
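Review bot: The composite-value rule added here, `if '|' in a['type'] or a['type'] == 'malware-sample':` followed by `if attribute_value in a['value'].split('|'):`, is now spelled out three times in this file (twice more in get_attribute_in_object in the hunk above); a small shared predicate keeps the matching rule in one place so the event-level and object-level lookups cannot drift apart. The function also deserves a docstring now that it no longer walks `e['Event']['Object']`: callers that used to find object attributes through it must call get_attribute_in_object, and it returns None when nothing matches. The `def get_attribute_in_event` line is outside this hunk; the rewrite below shows it only to place the change.
```python
def attribute_matches_value(a, attribute_value):
    '''True if attribute_value equals a['value'] or, for composite types ('|' in the type) and malware-sample, one of its '|'-separated components.'''
    if a['value'] == attribute_value:
        return True
    if '|' in a['type'] or a['type'] == 'malware-sample':
        return attribute_value in a['value'].split('|')
    return False


def get_attribute_in_event(e, attribute_value):
    '''Return the first top-level attribute of event e matching attribute_value, or None.
    Attributes nested in objects are not searched; use get_attribute_in_object for those.'''
    for a in e['Event']["Attribute"]:
        if attribute_matches_value(a, attribute_value):
            return a
    return None
```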