From 30fe9014ce26fbff6e1baab0816d31ed9527db3a Mon Sep 17 00:00:00 2001
From: Sascha Rommelfangen <sascha@rommelfangen.de>
Date: Mon, 22 May 2017 09:44:55 +0200
Subject: [PATCH] added adding additional tags for hashes

---
 mail_to_misp.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mail_to_misp.py b/mail_to_misp.py
index 6c6d35d..ba1a7fc 100755
--- a/mail_to_misp.py
+++ b/mail_to_misp.py
@@ -41,6 +41,7 @@ malwaretags = config.malwaretags
 dependingtags = config.dependingtags
 tlptag_default = config.tlptag_default
 stopword = config.stopword
+hash_only_tags = config.hash_only_tags
 
 # Ignore lines in body of message
 email_data = re.sub(".*From: .*\n?","", email_data)
@@ -111,6 +112,10 @@ for h in hashlist_sha1:
 for h in hashlist_sha256:
     misp.add_hashes(new_event, sha256=h)
 
+if (len(hashlist_md5) > 0) or (len(hashlist_sha1) > 0) or (len(hashlist_sha256) > 0):
+    for tag in hash_only_tags:
+        misp.add_tag(new_event, tag)
+
 # Add IOCs and expanded information to MISP
 for entry in urllist:
     ids_flag = True