From b865342f2e3c8bc0f2726f8e670c96245617e5e6 Mon Sep 17 00:00:00 2001
From: Thanat0s <Thanspam@trollprod.org>
Date: Sun, 26 Feb 2017 22:47:16 +0100
Subject: [PATCH] pimp xneteagle

---
 clusters/tool.json | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 3025a76..46a361b 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -473,7 +473,21 @@
       }
     },
     {
-      "value": "NETEAGLE"
+      "value": "Neteagle",
+      "description": "NETEAGLE is a backdoor developed by APT30 with compile dates as early as 2008. It has two main variants known as Scout and Norton.",
+      "meta": {
+        "refs": [
+          "https://attack.mitre.org/wiki/Software/S0034",
+          "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
+        ],
+        "synonyms": [
+          "scout",
+          "norton"
+        ],
+        "type": [
+          "Backdoor"
+        ]
+      }
     },
     {
       "value": "Agent.BTZ",