From 4162ccb52887963261f86215dfddc598e0b2ff4f Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 24 Sep 2021 15:35:14 +0200
Subject: [PATCH] chg: [hashlookup] KnownMalicious field added

---
 misp_modules/modules/expansion/hashlookup.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py
index 984d7b4..a88de8a 100644
--- a/misp_modules/modules/expansion/hashlookup.py
+++ b/misp_modules/modules/expansion/hashlookup.py
@@ -16,7 +16,7 @@ hashlookup_url = 'https://hashlookup.circl.lu/'
 class HashlookupParser():
     def __init__(self, attribute, hashlookupresult, api_url):
         self.attribute = attribute
-        self.hashlookupresult = hashlookupresult 
+        self.hashlookupresult = hashlookupresult
         self.api_url = api_url
         self.misp_event = MISPEvent()
         self.misp_event.add_attribute(**attribute)
@@ -33,6 +33,8 @@ class HashlookupParser():
         hashlookup_object = MISPObject('hashlookup')
         if 'source' in self.hashlookupresult:
             hashlookup_object.add_attribute('source', **{'type': 'text', 'value': self.hashlookupresult['source']})
+        if 'KnownMalicious' in self.hashlookupresult:
+            hashlookup_object.add_attribute('KnownMalicious', **{'type': 'text', 'value': self.hashlookupresult['KnownMalicious']})
         hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']})
         hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']})
         if 'SSDEEP' in self.hashlookupresult: