From ba631f1b434ee7298c424f316a9ee97609ed90d0 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 4 May 2018 15:12:56 +0200
Subject: [PATCH 1/2] add spymaster pro as rat
---
 clusters/rat.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/clusters/rat.json b/clusters/rat.json
index d405130..41a65ed 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -7,7 +7,7 @@
 ],
 "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
 "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
- "version": 8,
+ "version": 9,
 "values": [
 {
 "meta": {
@@ -2443,6 +2443,17 @@
 ]
 },
 "uuid": "2d356870-4ecd-11e8-9bb8-e3ba5aa7da31"
+ },
+ {
+ "value": "Spymaster Pro",
+ "description": "Monitoring Software",
+ "meta": {
+ "refs": [
+ "https://www.spymasterpro.com/",
+ "https://spycellphone.mobi/reviews/spymaster-pro-real-review-with-screenshots"
+ ]
+ },
+ "uuid": "e9f9d900-4f9a-11e8-bce9-4bfbb0e9ab4c"
 }
 ]
 }
From d6e4c166c5103f3d5e768fbd4627beadf7c78e1b Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 4 May 2018 15:59:37 +0200
Subject: [PATCH 2/2] add an unnamed ransomware
---
 clusters/ransomware.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1119ebf..7aa7e0d 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
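Review bot: In clusters/rat.json (hunk at -2443), the new `Spymaster Pro` entry's description, `"Monitoring Software"`, does not say why a commercial monitoring product belongs in the RAT cluster or what platform it targets, so an analyst who meets this name on an event gets no context from the cluster itself. Both refs are the vendor's site and a review page rather than a technical analysis. I would expand the line to something like `"description": "Commercial monitoring software for phones; listed as a RAT because it gives a remote operator access to the monitored device's data",`, with the wording checked against the references, since the mobile focus is only inferred from the second URL.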
@@ -9655,6 +9655,23 @@
 ]
 },
 "uuid": "94290f1c-46ff-11e8-b9c6-ef8852c58952"
+ },
+ {
+ "value": "Unnamed ramsomware 1",
+ "description": "A new in-development ransomware was discovered that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executables compiles an embedded encrypted C# program at runtime and launches it directly into memory.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/new-c-ransomware-compiles-itself-at-runtime/"
+ ],
+ "extensions": [
+ "sequre@tuta.io_[hex]"
+ ],
+ "ransomnotes": [
+ "HOW DECRIPT FILES.hta",
+ "https://www.bleepstatic.com/images/news/ransomware/c/compiled-ransomware/ransom-note.jpg"
+ ]
+ },
+ "uuid": "c1788ac0-4fa0-11e8-b0fd-63f5a2914926"
 }
 ],
 "source": "Various",
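Review bot: The added entry's `value` is misspelled as `"Unnamed ramsomware 1"`; the value is the entry's name in this cluster file, so the typo is what analysts would have to search for and, presumably, what ends up in any tag derived from it. It should read `"value": "Unnamed ransomware 1",`. Separately, `ransomnotes` mixes a note filename with a screenshot URL, and `extensions` holds a pattern with a `[hex]` placeholder rather than a literal suffix, so a consumer doing exact matching on either field will not get a hit; whether other entries in the file follow the same convention is not visible from this hunk. `HOW DECRIPT FILES.hta` looks like the note's actual on-disk name and should stay as spelled.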