File Observables with no Hash Create their own Hash #1069

Closed

Description

When creating a file observable with no hashes (for example, with only the file name property filled in), OpenCTI hashes the filename itself and displays it as the hash of the file. This is a mistake, as the hash could be misconstrued to be the hash of the actual file.

Environment

  1. OS (where OpenCTI server runs): Ubuntu 20.04
  2. OpenCTI version: 4.1.1
  3. OpenCTI client: frontend
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create new File observable
  2. Set the observable's value to be "test.txt"
  3. Leave the hash values as empty
  4. Create object

Expected Output

A file observable is created, with empty hash values, and the object's name is "test.txt"

Actual Output

A file observable is created, with the MD5 hash value set to "dd18bf3a8e0a2a3e53e2661c7fb53534". This is the hash of the string "test.txt".

Additional information
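
An audit check for the behaviour reported above, as an added example that is not part of the original issue or of OpenCTI's code: it flags file observables whose stored hash is really the digest of their own file name. It assumes observables exported as STIX 2.1-style dictionaries; the function names, ids and sample records are constructed for illustration.

```python
import hashlib

# STIX 2.1 hash keys mapped to hashlib algorithm names.
ALGORITHMS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}


def name_derived_hashes(observable):
    """Return the hash keys whose value equals the digest of the file name string."""
    name = observable.get("name")
    if not name:
        return []
    suspicious = []
    for key, value in (observable.get("hashes") or {}).items():
        algo = ALGORITHMS.get(key.upper())
        if algo is None or not isinstance(value, str):
            continue  # unknown algorithm or malformed value: nothing to compare
        digest = hashlib.new(algo, name.encode("utf-8")).hexdigest()
        if value.strip().lower() == digest:
            suspicious.append(key)
    return suspicious


def audit(observables):
    """Map observable id -> hash keys that describe the name, not the file content."""
    findings = {}
    for obs in observables:
        if obs.get("type") != "file":
            continue
        hits = name_derived_hashes(obs)
        if hits:
            findings[obs["id"]] = hits
    return findings


def build_samples():
    """Constructed sample records, not taken from a real OpenCTI instance."""
    return [
        # Mirrors the reported behaviour: the MD5 is computed from the name string.
        {"id": "file--sample-1", "type": "file", "name": "test.txt",
         "hashes": {"MD5": hashlib.md5(b"test.txt").hexdigest().upper()}},
        # MD5 of empty content: a content hash unrelated to the name.
        {"id": "file--sample-2", "type": "file", "name": "empty.bin",
         "hashes": {"MD5": "d41d8cd98f00b204e9800998ecf8427e"}},
        # Name only, no hashes: the expected result of the reproduction steps.
        {"id": "file--sample-3", "type": "file", "name": "notes.txt"},
    ]


if __name__ == "__main__":
    for obs_id, keys in audit(build_samples()).items():
        print(f"{obs_id}: hash of file name stored as {', '.join(keys)}")
```

Flagged records should have the hash removed or be re-verified against the actual file before the value is used for matching or shared with other platforms.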

Labels: feature, solved
