From 1e9e44c89d16469324ee3d6bf5207002793660fd Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 6 Nov 2016 10:51:28 +0100
Subject: [PATCH] Empire post-exploitation tool added
---
 clusters/tools.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/clusters/tools.json b/clusters/tools.json
index e62649d..320a45d 100644
--- a/clusters/tools.json
+++ b/clusters/tools.json
@@ -611,6 +611,11 @@
 "value": "Vawtrak",
 "description": "Vawtrak is an information stealing malware family that is primarily used to gain unauthorised access to bank accounts through online banking websites.",
 "refs": ["https://www.sophos.com/medialibrary/PDFs/technical%20papers/sophos-vawtrak-international-crimeware-as-a-service-tpna.pdf"]
+ },
+ {
+ "value": "Empire",
+ "description": "Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework",
+ "refs": ["https://github.com/adaptivethreat/Empire"]
 }
 ],
 "version": 2,
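Review bot: The `"version": 2,` context line at the end of the hunk is left unchanged although a new cluster entry is added, and the diffstat shows only the five inserted lines. If consumers of this file use the version field to decide whether to re-import the cluster (not visible from this hunk), they would presumably miss the Empire entry; in that case bump it to `"version": 3,` in the same commit. The new `description` is the tool's own promotional wording and ends without a full stop, unlike the Vawtrak entry above it; a neutral sentence stating that Empire is a dual-use PowerShell post-exploitation framework, closed with a period, would serve an analyst reading the tag better. The enclosing array and object start and end outside the hunk.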