From ba6892408bb8a06e5b439ff01444116ddfdc0e22 Mon Sep 17 00:00:00 2001
From: raw-data <raw-data@users.noreply.github.com>
Date: Fri, 1 Jun 2018 15:09:22 +0100
Subject: [PATCH] [ADD] NavRAT

---
 clusters/rat.json | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/clusters/rat.json b/clusters/rat.json
index fcfaa95..21c9776 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -1,6 +1,6 @@
 {
   "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
-  "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
+  "name": "RAT",
   "source": "MISP Project",
   "version": 9,
   "values": [
@@ -2480,11 +2480,21 @@
       "uuid": "e9f9d900-4f9a-11e8-bce9-4bfbb0e9ab4c",
       "value": "Spymaster Pro",
       "description": "Monitoring Software"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/2018/05/navrat.html"
+        ]
+      },
+      "description": "Classic RAT that can download, upload, execute commands on the victim host and perform keylogging. However, the command and control (C2) infrastructure is very specific. It uses the legitimate Naver email platform in order to communicate with the attackers via email",
+      "value": "NavRAT",
+      "uuid": "6ea032a0-d54a-463b-b016-2b7b9b9a5b7e"
     }
   ],
   "authors": [
     "Various"
   ],
   "type": "rat",
-  "name": "RAT"
+  "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system."
 }