From 3059c70ae63295eda025b5714d554ea685730897 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?= <juergen.loehel@inlyse.com>
Date: Thu, 13 Jan 2022 11:52:34 -0600
Subject: [PATCH] Adds UPAS-Kit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
---
 clusters/botnet.json | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/clusters/botnet.json b/clusters/botnet.json
index cc85c70..f8c02f8 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1181,7 +1181,23 @@
       },
       "uuid": "ea2906a5-d493-4afa-b770-436c0c246c78",
       "value": "Mozi"
+    },
+    {
+      "description": "UPAS-Kit was advertised by auroras a/k/a vinny in middle of june 2012 via exploit.in. Upas is the predecessor of Kronos. Marcus Hutchins helped create and, in partnership with another, sell malicious computer code, a/k/a malware, known as UPAS-Kit.",
+      "meta": {
+        "refs": [
+          "https://research.checkpoint.com/2018/deep-dive-upas-kit-vs-kronos/",
+          "https://malware.dontneedcoffee.com/2012/08/inside-upas-kit1.0.1.1.html",
+          "https://web.archive.org/web/20130120062602/http://onthar.in/articles/upas-kit-analysis/",
+          "https://regmedia.co.uk/2019/04/19/plea.pdf"
+        ],
+        "synonyms": [
+          "Rombrast"
+        ]
+      },
+      "uuid": "099223a1-4a6e-4024-8e48-dbe199ec7244",
+      "value": "UPAS-Kit"
     }
   ],
-  "version": 22
+  "version": 23
 }