From 9517f26120f8f2c45b5bb0f2a4546720e4e777cd Mon Sep 17 00:00:00 2001
From: root <misp@dontneedcoffee.com>
Date: Thu, 5 Jan 2017 14:12:30 +0100
Subject: [PATCH] Mwi added

---
 clusters/exploit-kit.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index 4a64b2f..c96105e 100755
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -101,6 +101,20 @@
 		"status": "Active"
        }
     }
+,
+    { "value": "MWI",
+      "description": "Microsoft Word Intruder is an exploit kit focused on Word and embedded flash exploits. The author wants to avoid their customer to use it in mass spam campaign, so it's most often connected to semi-targeted attacks",
+      "meta": {
+        "refs": [
+          "https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html",
+          "https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-microsoft-word-intruder-revealed.pdf"
+        ],
+       "synonyms": [
+          ""
+        ],
+		"status": "Active"
+       }
+    }
 ,
     { "value": "Neutrino",
       "description": "Neutrino Exploit Kit has been one of the major exploit kit from its launch in 2013 till september 2016 when it become private (defense name for this variation is Neutrino-v). This EK vanished from  march 2014 till november 2014.",