From 1846020d00e9a922c824857b3beb14a4674ad9dc Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 25 Oct 2016 23:35:04 +0200
Subject: [PATCH] Houdini added
---
 elements/threat-actor-tools.json | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index efbdfd1..6ac3742 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -522,6 +522,12 @@
 "value": "Odinaff",
 "description": "Odinaff is typically deployed in the first stage of an attack, to gain a foothold onto the network, providing a persistent presence and the ability to install additional tools onto the target network. These additional tools bear the hallmarks of a sophisticated attacker which has plagued the financial industry since at least 2013–Carbanak. This new wave of attacks has also used some infrastructure that has previously been used in Carbanak campaigns.",
 "refs": ["https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks"]
+ },
+ {
+ "value": "Hworm",
+ "description": "Unit 42 has observed a new version of Hworm (or Houdini) being used within multiple attacks. This blog outlines technical details of this new Hworm version and documents an attack campaign making use of the backdoor. Of the samples used in this attack, the first we observed were June 2016, while as-of publication we were still seeing attacks as recently as mid-October, suggesting that this is likely an active, ongoing campaign.",
+ "refs": ["http://researchcenter.paloaltonetworks.com/2016/10/unit42-houdinis-magic-reappearance/"],
+ "synonyms": ["Houdini"]
 }
 ],
 "version": 1,
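Review bot: The `description` of the new `Hworm` entry is the opening paragraph of the referenced blog post, not a description of the tool. Phrases such as "This blog outlines" and "as-of publication" lose their meaning once the text sits in a threat-intel record that analysts read out of context. A self-contained wording built only from what the entry already states would serve defenders better, for example `"description": "Hworm (also known as Houdini) is a backdoor; Unit 42 documented a new version used in an attack campaign with samples observed from June 2016 through mid-October 2016."`. The trailing context line still reads `"version": 1,`, so if consumers of this file use that field to detect updates (not confirmable from the hunk, whose enclosing array and object begin outside it), the new entry may go unnoticed unless the version is bumped.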