From 1985de4d44b14712cc4c7328970d731c83ce589c Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Fri, 27 Aug 2021 10:28:06 +0200
Subject: [PATCH] Add BLUELIGHT tool.
---
 clusters/tool.json | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index b81a6d5..f9540ed 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8426,7 +8426,20 @@
 },
 "uuid": "2214b113-6942-494f-94b7-576e74fccdb5",
 "value": "Matanbuchus"
+ },
+ {
+ "description": "It is likely that BLUELIGHT is used as a secondary payload following successful delivery of Cobalt Strike.",
+ "meta": {
+ "refs": [
+ "https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/"
+ ],
+ "type": [
+ "backdoor"
+ ]
+ },
+ "uuid": "b1c4f468-1c55-40aa-bce4-c3772ef83d0c",
+ "value": "BLUELIGHT"
 }
 ],
- "version": 146
+ "version": 147
 }
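Review bot: The new entry's `description` says only how BLUELIGHT is probably deployed and never states what it is or who operates it; the actor name appears solely in the slug of the `refs` URL, so an analyst who matches on this cluster gets no standalone context for triage. If the cited report supports it, lead with the classification already given in `type`, e.g. `"description": "BLUELIGHT is a backdoor described in Volexity's InkySquid reporting; it is likely used as a secondary payload following successful delivery of Cobalt Strike."`. The enclosing array begins outside the hunk, so whether the new `uuid` and `value` are unique within the file cannot be confirmed from here and should be checked before merge.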