From d5c3312240299b435695d7beccc0eb1a3da4f47b Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sat, 10 Dec 2016 12:08:09 +0100
Subject: [PATCH] Mirai and BASHLITE added

---
 clusters/tool.json | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 806c399..f80a22b 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1038,9 +1038,24 @@
     {
        "value": "Tartine",
        "description": "Delphi RAT used by Sofacy."
+    },
+    {
+       "value": "Mirai",
+       "description": "Mirai (Japanese for \"the future\") is malware that turns computer systems running Linux into remotely controlled \"bots\", that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as remote cameras and home routers. The Mirai botnet has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, including an attack on 20 September 2016 on computer security journalist Brian Krebs's web site, an attack on French web host OVH and the October 2016 Dyn cyberattack.",
+        "meta": {
+        "refs": [
+          "https://en.wikipedia.org/wiki/Mirai_(malware)"
+        ],
+        "synonyms": [
+          "Linux/Mirai"
+        ]
+        }
+    },
+    {
+       "value": "BASHLITE"
     }
 ],
-  "version": 2,
+  "version": 3,
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "author": [