From 54cd80ee2da667dc2cdcb5186cf9cd3dcac16ad7 Mon Sep 17 00:00:00 2001
From: rmkml <rmkml@yahoo.fr>
Date: Fri, 12 Apr 2019 22:42:57 +0200
Subject: [PATCH] Add Brushaloader Malware

---
 clusters/tool.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index d3b494c..17a5a7c 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7620,7 +7620,17 @@
       ],
       "uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
       "value": "EVILNUM"
+    },
+    {
+      "description": "Brushaloader also leverages a combination of VBScript and PowerShell to create a Remote Access Trojan (RAT) that allows persistent command execution on infected systems.",
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html"
+        ]
+      },
+      "uuid": "e1ca79ea-5628-4266-bb36-3892c7126ef4",
+      "value": "Brushaloader"
     }
   ],
-  "version": 115
+  "version": 116
 }