refactor: change wording when hash has low score

Neo23x0 · Apr 25, 2023 · e6e038d · e6e038d
1 parent 9dbe018
commit e6e038d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/lib/lokilogger.py b/lib/lokilogger.py
@@ -15,7 +15,7 @@
 import socket
 from .helpers import removeNonAsciiDrop
 
-__version__ = '0.46.0'
+__version__ = '0.46.1'
 
 
 # Logger Class -----------------------------------------------------------------

diff --git a/loki.py b/loki.py
@@ -391,6 +391,7 @@ def scan_path(self, path):
 
                         # Malware Hash
                         matchScore = 100
+                        matchLevel = "Malware"
                         if ioc_contains(self.hashes_md5_list, md5_num):
                             matchType = "MD5"
                             matchDesc = self.hashes_md5[md5_num]
@@ -407,12 +408,16 @@ def scan_path(self, path):
                             matchHash = sha256
                             matchScore = self.hashes_scores[sha256_num]
 
+                        # If score is low change the description
+                        if matchScore < 80:
+                            matchLevel = "Suspicious"
+
                         # Hash string
                         hashString = "MD5: %s SHA1: %s SHA256: %s" % ( md5, sha1, sha256 )
 
                         if matchType:
-                            reasons.append("Malware Hash TYPE: %s HASH: %s SUBSCORE: %d DESC: %s" % (
-                            matchType, matchHash, matchScore, matchDesc))
+                            reasons.append("%s Hash TYPE: %s HASH: %s SUBSCORE: %d DESC: %s" % (
+                            matchLevel, matchType, matchHash, matchScore, matchDesc))
                             total_score += matchScore
 
                         # Script Anomalies Check