From 92bb39265362c975f225c2c0e18d6e794d5718e3 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 31 Jan 2017 09:21:19 +0100
Subject: [PATCH] Flokibot added

---
 clusters/tool.json | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index d583a21..62b5699 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1252,7 +1252,7 @@
        },
        "description": "Shamoon,[a] also known as Disttrack, is a modular computer virus discovered by Seculert[1] in 2012, targeting recent NT kernel-based versions of Microsoft Windows. The virus has been used for cyber espionage in the energy sector.[2][3][4] Its discovery was announced on 16 August 2012 by Symantec,[3] Kaspersky Lab,[5] and Seculert.[6] Similarities have been highlighted by Kaspersky Lab and Seculert between Shamoon and the Flame malware.[5][6]",
        "value": "Shamoon"
-    },
+     },
     {
        "value": "GhostAdmin",
        "description": "According to MalwareHunterTeam and other researchers that have looked at the malware's source code, GhostAdmin seems to be a reworked version of CrimeScene, another botnet malware family that was active around 3-4 years ago.",
@@ -1274,9 +1274,17 @@
        "meta": {
          "refs": ["http://researchcenter.paloaltonetworks.com/2016/07/unit42-investigating-the-luminositylink-remote-access-trojan-configuration/"]
        }
+    },
+    {
+       "value": "Flokibot",
+       "description": "",
+       "meta": {
+        "refs": ["https://www.arbornetworks.com/blog/asert/flokibot-flock-bots/"],
+        "synonyms": ["Floki Bot"]
+       }
     }
   ],
-  "version": 16,
+  "version": 17,
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "author": [