From f496c34fda623a2949e3f16edc2244b9d14e942c Mon Sep 17 00:00:00 2001
From: Thanat0s <thanspam@trollprod.org>
Date: Fri, 24 Feb 2017 13:57:33 +0100
Subject: [PATCH] =?UTF-8?q?generic=20plugx=20names=C2=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 clusters/tool.json | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 7ff7bb7..7bb01ec 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8,14 +8,11 @@
                     "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/112/pulling-the-plug-on-plugx"
                 ],
                 "synonyms" : [ 
-                    "W32/Backdoor.FSZO-5117", 
-                    "Gen:Trojan.Heur.JP.juW@ayZZvMb", 
+                    "Backdoor.FSZO-5117", 
+                    "Trojan.Heur.JP.juW@ayZZvMb", 
                     "Trojan.Inject1.6386", 
-                    "Win32/Korplug.A", 
-                    "Trojan.Win32.Korplug", 
-                    "Backdoor/Win32.Plugx", 
-                    "Backdoor.Win32.Agent.dhwf", 
-                    "W32/Korplug.CH!tr"
+                    "Korplug", 
+                    "Agent.dhwf" 
                 ],
                 "category" : [ 
                     "rat"