From fecfdd39f3f51b01e5b48399c035f64969178a84 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 25 Sep 2017 15:18:51 +0200
Subject: [PATCH] add Adwind RAT synonyms
---
 clusters/rat.json | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/clusters/rat.json b/clusters/rat.json
index 963a631..1daa7e8 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -175,11 +175,17 @@
 "meta": {
 "synonyms": [
 "UNRECOM",
- "UNiversal REmote COntrol Multi-Platform"
+ "UNiversal REmote COntrol Multi-Platform",
+ "Frutas",
+ "AlienSpy",
+ "Unrecom",
+ "Jsocket",
+ "JBifrost"
 ],
 "refs": [
 "https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf",
- "https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml"
+ "https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml",
+ "https://blog.fortinet.com/2016/08/16/jbifrost-yet-another-incarnation-of-the-adwind-rat"
 ]
 },
 "description": "Backdoor:Java/Adwind is a Java archive (.JAR) file that drops a malicious component onto the machines and runs as a backdoor. When active, it is capable of stealing user information and may also be used to distribute other malware. ",
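Review bot: The added synonym `"Unrecom"` differs only in letter case from the `"UNRECOM"` entry already at the top of the same `synonyms` array, so any consumer that matches synonyms case-insensitively now sees a duplicate. If the two spellings are not meant to be distinct lookup keys, I would drop the `"Unrecom",` line; if they are, the commit message should say that synonym matching is case-sensitive, since that is not visible from this hunk. Only `"JBifrost"` has an obviously matching new reference (the Fortinet post); whether the existing Kaspersky report covers Frutas, AlienSpy and Jsocket cannot be checked from here. The Adwind cluster object starts and ends outside the hunk.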