From f0678ac63aae21ad0eba2ffa5101f191be69cb7c Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 23 Nov 2016 10:19:17 +0100
Subject: [PATCH] Yahoyah added

---
 clusters/tools.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/clusters/tools.json b/clusters/tools.json
index 05335a8..bb8f60d 100644
--- a/clusters/tools.json
+++ b/clusters/tools.json
@@ -622,6 +622,12 @@
       "value": "KeyBoy",
       "description": "The actors used a new version of “KeyBoy,” a custom backdoor first disclosed by researchers at Rapid7 in June 2013. Their work outlined the capabilities of the backdoor, and exposed the protocols and algorithms used to hide the network communication and configuration data",
       "refs": ["https://citizenlab.org/2016/11/parliament-keyboy/", "https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india"]
+    },
+    {
+      "value": "Yahoyah",
+      "description": "The attacks in this case are associated with a campaign called Tropic Trooper, which has been active since at least 2011 and is known for heavily targeting Taiwan. One of the attacks used their known Yahoyah malware...",
+      "refs": ["http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/"],
+      "synonyms": ["W32/Seeav"]
     }
   ],
   "version": 2,