From b38799044d3a02eb602735b04c776af1aa4de532 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 21 Nov 2016 09:21:55 +0100
Subject: [PATCH] KeyBoy malware added
---
 clusters/tools.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/clusters/tools.json b/clusters/tools.json
index c370738..05335a8 100644
--- a/clusters/tools.json
+++ b/clusters/tools.json
@@ -617,6 +617,11 @@
 "value": "Explosive",
 "description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive. ",
 "refs": ["https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf"]
+ },
+ {
+ "value": "KeyBoy",
+ "description": "The actors used a new version of “KeyBoy,” a custom backdoor first disclosed by researchers at Rapid7 in June 2013. Their work outlined the capabilities of the backdoor, and exposed the protocols and algorithms used to hide the network communication and configuration data",
+ "refs": ["https://citizenlab.org/2016/11/parliament-keyboy/", "https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india"]
 }
 ],
 "version": 2,
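Review bot: The added `description` for KeyBoy does not stand on its own, because "The actors" and "Their work" have no antecedent inside this cluster entry, so an analyst reading the entry cannot tell who used the backdoor or whose analysis is meant. A self-contained wording built from the same facts would be `"description": "KeyBoy is a custom backdoor first disclosed by researchers at Rapid7 in June 2013, whose analysis outlined its capabilities and exposed the protocols and algorithms used to hide its network communication and configuration data. A newer version is described in the first reference."`. The context line `"version": 2,` is left unchanged by this hunk; if consumers rely on that field to detect an updated cluster file, it probably needs a bump in the same commit so the new entry is picked up.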