From 98e2dedd7d24ac98e900cfa05694ec99b9e9381b Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Thu, 21 Apr 2016 09:51:50 +0200
Subject: [PATCH] PWOBot added

---
 elements/threat-actor-tools.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index 05b6743..2f80266 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -33,6 +33,11 @@
       "description": "Android-based malware",
       "synonyms": ["GM-Bot", "Acecard"]
     },
+    {
+      "value": "PWOBot",
+      "description": "We have discovered a malware family named ‘PWOBot’ that is fairly unique because it is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable. The malware has been witnessed affecting a number of Europe-based organizations, particularly in Poland. Additionally, the malware is delivered via a popular Polish file-sharing web service.",
+      "refs": ["http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/"]
+    },
     {
       "value": "Lstudio"
     },