From 5597e5af1c5b186fb8c899c230c8b3b26868b69a Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 27 Oct 2017 10:30:21 +0200 Subject: [PATCH 1/2] add Formbook --- clusters/tool.json | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/clusters/tool.json b/clusters/tool.json index b7949df..4835201 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -10,7 +10,7 @@ ], "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", - "version": 34, + "version": 35, "values": [ { "meta": { @@ -2992,6 +2992,16 @@ "http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/" ] } + }, + { + "value": "FormBook", + "description": "FormBook is a data stealer and form grabber that has been advertised in various hacking forums since early 2016.", + "mata": { + "refs": [ + "https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html", + "https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/" + ] + } } ] } From 2533c1b54e763820ad45958cf6fe87ecc646faa5 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 27 Oct 2017 10:33:58 +0200 Subject: [PATCH 2/2] fix typo --- clusters/tool.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/tool.json b/clusters/tool.json index 4835201..2ecdb67 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -2996,7 +2996,7 @@ { "value": "FormBook", "description": "FormBook is a data stealer and form grabber that has been advertised in various hacking forums since early 2016.", - "mata": { + "meta": { "refs": [ "https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html", "https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/"