From 2fd3d3221d3dade8d7d661d8bbc2cf1fa08a6e28 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Fri, 20 Oct 2017 15:09:20 +0200
Subject: [PATCH] add IoT_reaper

---
 clusters/tool.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/clusters/tool.json b/clusters/tool.json
index 0416b74..0d44398 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2983,6 +2983,15 @@
           "https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf"
         ]
       }
+    },
+    {
+      "value": "IoT_reaper",
+      "description": "IoT_reaper is fairly large now and is actively expanding. For example, there are multiple C2s we are tracking, the most recently data (October 19) from just one C2 shows the number of unique active bot IP address is more than 10k per day. While at the same time, there are millions of potential vulnerable device IPs being queued into the c2 system waiting to be processed by an automatic loader that injects malicious code to the devices to expand the size of the botnet.",
+      "meta": {
+        "refs" : [
+          "http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/"
+        ]
+      }
     }
   ]
 }