From c005e315840613b25d1d6cd28d30a72b0b8ab8e4 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 1 Aug 2016 15:36:59 +0200
Subject: [PATCH] Prikormka malware added

---
 elements/threat-actor-tools.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index 44f65db..ad6f88c 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -485,7 +485,12 @@
     {
       "value": "Crimson",
       "description": "Crimson is malware used as part of a campaign known as Operation Transparent Tribe that targeted Indian diplomatic and military victims",
-      "refs: ["https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf"]
+      "refs": ["https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf"]
+    },
+    {
+      "value": "Prikormka",
+      "description": "Operation Groundbait based on our research into the Prikormka malware family. This includes detailed technical analysis of the Prikormka malware family and its spreading mechanisms, and a description of the most noteworthy attack campaigns.",
+      "refs": ["http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf"]
     }
 
   ],