From 5070314aaefd1032d792cd216183f9a306dc40b8 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Thu, 25 Jan 2018 15:39:44 +0100
Subject: [PATCH] add: Matsuta IoT botnet added

---
 clusters/tool.json | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 048e61b..a50112c 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
   ],
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 49,
+  "version": 50,
   "values": [
     {
       "meta": {
@@ -1484,6 +1484,15 @@
       "description": "Mirai (Japanese for \"the future\") is malware that turns computer systems running Linux into remotely controlled \"bots\", that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as remote cameras and home routers. The Mirai botnet has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, including an attack on 20 September 2016 on computer security journalist Brian Krebs's web site, an attack on French web host OVH and the October 2016 Dyn cyberattack.",
       "value": "Mirai"
     },
+    {
+      "value": "Matsuta",
+      "description": "IoT malware based on Mirai but slightly improved.",
+      "metat": {
+        "refs": [
+          "https://blog.newskysecurity.com/masuta-satori-creators-second-botnet-weaponizes-a-new-router-exploit-2ddc51cc52a7"
+        ]
+      }
+    },
     {
       "value": "BASHLITE"
     },