From 1b92f13c93565aa85d7dd4ffb9dc3567e525b9ac Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 7 Nov 2016 16:17:09 +0100
Subject: [PATCH] Explosive malware added
---
 clusters/tools.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/clusters/tools.json b/clusters/tools.json
index 43c13d6..084effa 100644
--- a/clusters/tools.json
+++ b/clusters/tools.json
@@ -616,6 +616,11 @@
 "value": "Empire",
 "description": "Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework",
 "refs": ["https://github.com/adaptivethreat/Empire"]
+ },
+ {
+ "value": "Explosive",
+ "description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive. ",
+ "refs": ["https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf"]
 }
 ],
 "version": 2,
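Review bot: The `description` of the new "Explosive" entry describes the Volatile Cedar campaign in the vendor's first person ("a carefully orchestrated attack campaign we call Volatile Cedar") rather than the tool itself, so an analyst who sees this cluster attached to an event cannot tell who "we" is or what Explosive is beyond its codename. A tool-centred wording with attribution would read better, for example `"description": "Explosive is the custom-made malware implant used by the Volatile Cedar attacker group, whose campaign Check Point dates to late 2012.",`, which also drops the trailing space before the closing quote. The context line `"version": 2,` is unchanged, so the cluster version apparently is not incremented with this addition; if consumers rely on it to detect updated clusters, it should presumably be bumped in the same commit. The enclosing object continues outside the hunk.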