From b562e6b729d13f274b7cf0decbdb0d06b0617738 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 26 May 2017 14:52:35 +0200
Subject: [PATCH] Emotet/Geodo added

---
 clusters/tool.json | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index dbbcd0d..ad5556e 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
   ],
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 33,
+  "version": 34,
   "values": [
     {
       "meta": {
@@ -1014,6 +1014,13 @@
       },
       "value": "IsSpace"
     },
+    {
+      "value": "Emotet",
+      "meta": {
+        "refs": ["https://securelist.com/analysis/publications/69560/the-banking-trojan-emotet-detailed-analysis/"],
+        "synonyms": ["Geodo"]
+      }
+    },
     {
       "meta": {
         "synonyms": [