From 088e7477a627fdea40b905bd050ec80b28445232 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 24 Apr 2019 11:40:06 +0200
Subject: [PATCH] chg: [tool] Karkoff tool added

---
 clusters/tool.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 17a5a7c..f2df2d8 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7630,7 +7630,17 @@
       },
       "uuid": "e1ca79ea-5628-4266-bb36-3892c7126ef4",
       "value": "Brushaloader"
+    },
+    {
+      "uuid": "a9fc6d3d-09d5-45c3-a91e-e8c61ef37908",
+      "value": "Karkoff",
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html"
+        ]
+      },
+      "description": "In addition to increased reports of threat activity, we have also discovered new evidence that the threat actors behind the DNSpionage campaign continue to change their tactics, likely in an attempt to improve the efficacy of their operations. In February, we discovered some changes to the actors' tactics, techniques and procedures (TTPs), including the use of a new reconnaissance phase that selectively chooses which targets to infect with malware. In April 2019, we also discovered the actors using a new malware, which we are calling Karkoff."
     }
   ],
-  "version": 116
+  "version": 117
 }