diff --git a/VERSION.json b/VERSION.json
index f48637c68..45374cdce 100644
--- a/VERSION.json
+++ b/VERSION.json
@@ -1 +1 @@
-{"major":2, "minor":3, "hotfix":84}
+{"major":2, "minor":3, "hotfix":85}
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 1d4c0e3d8..7166f46d4 100755
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -2896,6 +2896,9 @@ class EventsController extends AppController {
 'md5' => 'Payload delivery',
 'sha1' => 'Payload delivery',
 'sha256' => 'Payload delivery',
+ 'filename|md5' => 'Payload delivery',
+ 'filename|sha1' => 'Payload delivery',
+ 'filename|sha256' => 'Payload delivery',
 'regkey' => 'Persistence mechanism',
 'filename' => 'Payload delivery',
 'ip-src' => 'Network activity',
diff --git a/app/Lib/Tools/ComplexTypeTool.php b/app/Lib/Tools/ComplexTypeTool.php
index f910aea19..e19dd8a9d 100644
--- a/app/Lib/Tools/ComplexTypeTool.php
+++ b/app/Lib/Tools/ComplexTypeTool.php
@@ -59,7 +59,7 @@ class ComplexTypeTool {
 }
 public function checkFreeText($input) {
- $iocArray = preg_split("/\r\n|\n|\r|\s|\s+/", $input);
+ $iocArray = preg_split("/\r\n|\n|\r|\s|\s+|,/", $input);
 $resultArray = array();
 foreach ($iocArray as $ioc) {
 $ioc = trim($ioc);
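Review bot: In the `preg_split` call of `checkFreeText`, the alternation `\r\n|\n|\r|\s|\s+|,` has two dead branches: `\s` already covers CR and LF, and `\s+` can never match because `\s` is tried first. As a result, input such as `a, b` yields an empty token between the comma and the space. A single character class says the same thing and drops the empties: `$iocArray = preg_split('/[\s,]+/', $input, -1, PREG_SPLIT_NO_EMPTY);`. Splitting on commas and whitespace also cuts a `filename|hash` value whose filename contains either character before it reaches type resolution, which deserves a comment above the call. The loop body continues outside the hunk, so whether empty tokens are already skipped there is not visible.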
@@ -80,6 +80,17 @@ class ComplexTypeTool {
 $input = trim($input);
 $input = strtolower($input);
+ if (strpos($input, '|')) {
+ $compositeParts = explode('|', $input);
+ if (count($compositeParts) == 2) {
+ if ($this->__resolveFilename($compositeParts[0])) {
+ if (strlen($compositeParts[1]) == 32 && preg_match("#[0-9a-f]{32}$#", $compositeParts[1])) return array('types' => array('filename|md5'), 'to_ids' => true, 'default_type' => 'filename|md5');
+ if (strlen($compositeParts[1]) == 40 && preg_match("#[0-9a-f]{40}$#", $compositeParts[1])) return array('types' => array('filename|sha1'), 'to_ids' => true, 'default_type' => 'filename|sha1');
+ if (strlen($compositeParts[1]) == 64 && preg_match("#[0-9a-f]{64}$#", $compositeParts[1])) return array('types' => array('filename|sha256'), 'to_ids' => true, 'default_type' => 'filename|sha256');
+ }
+ }
+ }
+
 // check for hashes
 if (strlen($input) == 32 && preg_match("#[0-9a-f]{32}$#", $input)) return array('types' => array('md5'), 'to_ids' => true, 'default_type' => 'md5');
 if (strlen($input) == 40 && preg_match("#[0-9a-f]{40}$#", $input)) return array('types' => array('sha1'), 'to_ids' => true, 'default_type' => 'sha1');
@@ -153,6 +164,7 @@ class ComplexTypeTool {
 strpos($input, '.') != 0 &&
 strpos($input, '..') == 0 &&
 strpos($input, '.') != (strlen($input)-1) &&
+ preg_match('/(.*)\.[^(\|\<\>\^\=\?\/\[\]\"\;\*)]*$/', $input) &&
 !preg_match('/[?:<>|\\*:\/@]/', $input)
 ) return true;
 return false;
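Review bot: The three `filename|…` branches added to the type resolver repeat the plain hash checks that follow them, and each relies on a `strlen` test to make up for a pattern that is anchored only at its end (`#[0-9a-f]{32}$#`). Since every match is returned with `to_ids` set to true, I would resolve the hash type from one length table and anchor the pattern at both ends, so the composite and plain checks cannot drift apart. The guard `if (strpos($input, '|'))` also depends on offset 0 being falsy; `!== false` states the intent. The enclosing function starts and ends outside the hunk.

```php
// … unchanged: trim() and strtolower() of $input …
if (strpos($input, '|') !== false) {
    $compositeParts = explode('|', $input);
    if (count($compositeParts) == 2 && $this->__resolveFilename($compositeParts[0])) {
        // Hex digest length decides the hash type; \A…\z anchors the whole part.
        $hashTypes = array(32 => 'md5', 40 => 'sha1', 64 => 'sha256');
        $hashLength = strlen($compositeParts[1]);
        if (isset($hashTypes[$hashLength]) && preg_match('#\A[0-9a-f]+\z#', $compositeParts[1])) {
            $type = 'filename|' . $hashTypes[$hashLength];
            return array('types' => array($type), 'to_ids' => true, 'default_type' => $type);
        }
    }
}
// … unchanged: plain md5/sha1 checks …
```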
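Review bot: The added `preg_match` in the filename condition accepts an empty extension, because the class is quantified with `*`, so a name ending in a dot such as `a.b.` still passes as far as the visible conditions go. The parentheses inside `[^(…)]` are literal characters, not grouping, and `?`, `<`, `>`, `|`, `*` and `/` are already rejected anywhere in the input by the `!preg_match` on the next line. The new line therefore effectively only bars `(`, `)`, `^`, `=`, `[`, `]`, `"` and `;` after the last dot. If that is the intent, `preg_match('/\.[^.()^=\[\]";]+$/', $input) &&` says it directly and requires a non-empty extension. The condition starts outside the hunk, so earlier clauses may already cover part of this.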