From ee3e2b3a14bc33b46055752135063f49b0ecd175 Mon Sep 17 00:00:00 2001
From: Kafeine <Kafeine@users.noreply.github.com>
Date: Tue, 29 Aug 2017 10:36:38 +0100
Subject: [PATCH] +WhiteHole +ref for Disdain

---
 clusters/exploit-kit.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index 363eaf8..c17e92d 100755
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -68,6 +68,9 @@
       "value": "Disdain",
       "description": "Disdain EK has been introduced on underground forum on 2017-08-07. The panel is stolen from Sundown, the pattern are Terror alike and the obfuscation reminds Nebula",
       "meta": {
+	       "refs": [
+          "http://blog.trendmicro.com/trendlabs-security-intelligence/new-disdain-exploit-kit-detected-wild/"
+        ],
 		"status": "Active"
        }
     }
@@ -548,6 +551,16 @@
         "status": "Retired - Last seen: 2014-06"
       }
     },
+   {
+      "value": "WhiteHole",
+      "description": "WhiteHole Exploit Kit appeared in January 2013 in the tail of the CVE-2013-0422",
+      "meta": {
+        "refs": [
+          "http://malware.dontneedcoffee.com/2013/02/briefly-wave-whitehole-exploit-kit-hello.html"
+        ],
+        "status": "Retired - Last seen: 2013-12"
+      }
+    },
     {
       "value": "Unknown",
       "description": "Unknown Exploit Kit. This is a place holder for any undocumented Exploit Kit. If you use this tag, we will be more than happy to give the associated EK a deep look.",