From 2fefd3810da0186ffc1725b4dd20f54b00a91197 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 27 Oct 2017 11:42:01 +0200
Subject: [PATCH] add dimnie

---
 clusters/tool.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/clusters/tool.json b/clusters/tool.json
index 2ecdb67..8da1a55 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -3002,6 +3002,15 @@
 "https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/"
 ]
 }
+ },
+ {
+ "value": "Dimnie",
+ "description": "Dimnie, the commonly agreed upon name for the binary dropped by the PowerShell script above, has been around for several years. Palo Alto Networks has observed samples dating back to early 2014 with identical command and control mechanisms. The malware family serves as a downloader and has a modular design encompassing various information stealing functionalities. Each module is injected into the memory of core Windows processes, further complicating analysis. During its lifespan, it appears to have undergone few changes and its stealthy command and control methods combined with a previously Russian focused target base has allowed it to fly under the radar up until this most recent campaign.",
+ "meta": {
+ "refs": [
+ "https://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/"
+ ]
+ }
 }
 ]
 }
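Review bot: The added `"description"` value opens with "the binary dropped by the PowerShell script above", a dangling reference once the sentence is lifted from the source article into a standalone cluster entry, since no such script appears anywhere in this file. Make the first sentence self-contained, e.g. `"description": "Dimnie, the commonly agreed upon name for the binary dropped by the PowerShell script described in the referenced Unit 42 analysis, has been around for several years. ..."` with the rest of the text unchanged. The diff also touches only the new entry; if clusters/tool.json carries a top-level version counter, as MISP galaxy cluster files do, it is not incremented here, so consumers that gate updates on that counter would presumably not pick up the new value. The enclosing values array begins and the file's other top-level keys sit outside this hunk.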