From af16b7c6a16e6a516923f37c2d45ef6e3d02f348 Mon Sep 17 00:00:00 2001
From: cgi <c.giese@telekom.de>
Date: Thu, 26 Jan 2017 11:23:37 +0100
Subject: [PATCH] Adding Zeus  to tools

---
 clusters/tool.json | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/clusters/tool.json b/clusters/tool.json
index ded4480..d583a21 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1194,6 +1194,21 @@
       "description": "GeminiDuke is malware that was used by APT29 from 2009 to 2012.",
       "value": "GeminiDuke"
     },
+    {
+      "meta": {
+        "synonyms": [
+          "Trojan.Zbot",
+          "Zbot",
+          "ZeuS"
+        ],
+        "refs": [
+          "https://en.wikipedia.org/wiki/Zeus_(malware)",
+          "https://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99"
+        ]
+      },
+      "description": "Trojan.Zbot, also called Zeus, is a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet. The Trojan is created using a Trojan-building toolkit.",
+      "value": "Zeus"
+    },
     {
       "meta": {
         "derivated-from": [