From f51f13e84bbea7bcc2e4fea60e5f56cb23499ce3 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 2 May 2019 10:15:26 +0200
Subject: [PATCH 1/2] add AESDDoS Botnet
---
 clusters/botnet.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/clusters/botnet.json b/clusters/botnet.json
index a57b2bf4..545602e9 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1147,7 +1147,17 @@
 },
 "uuid": "f387e30a-dc48-11e8-b9f4-370bc63008bf",
 "value": "Chalubo"
+ },
+ {
+ "description": "Our honeypot sensors recently detected an AESDDoS botnet malware variant (detected by Trend Micro as Backdoor.Linux.AESDDOS.J) exploiting a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Atlassian Confluence Server, a collaboration software program used by DevOps professionals.",
+ "meta": {
+ "refs": [
+ "https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-exploits-cve-2019-3396-to-perform-remote-code-execution-ddos-attacks-and-cryptocurrency-mining/"
+ ]
+ },
+ "uuid": "809d100b-d46d-40f4-b498-5371f46bb9d6",
+ "value": "AESDDoS"
 }
 ],
- "version": 19
+ "version": 20
 }
From dda2ede5f25f56640bfedbaaab1758d57d38f9f2 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 2 May 2019 13:02:00 +0200
Subject: [PATCH 2/2] add JasperLoader
---
 clusters/tool.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 8493546c..9fb98065 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
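Review bot: In the clusters/botnet.json hunk, the new `description` is the vendor's sentence kept in first person ("Our honeypot sensors recently detected ..."), so inside the galaxy it reads as the maintainers' own observation, and "recently" has no date attached. It also describes a single variant exploiting CVE-2019-3396, while `value` names the whole AESDDoS family, so an analyst could read every match on this cluster as Confluence exploitation. A neutral, attributed wording covers both points, for example `"description": "AESDDoS is a botnet malware family; Trend Micro reported a variant (detected as Backdoor.Linux.AESDDOS.J) exploiting CVE-2019-3396, a server-side template injection vulnerability in the Widget Connector macro of Atlassian Confluence Server."`. The hunk shows only the tail of the array, so it is also worth confirming that the family is not already listed under another name before adding a new `uuid`.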
@@ -7660,7 +7660,17 @@
 },
 "uuid": "50baa4dc-0667-4b47-b4aa-374a2743f409",
 "value": "Cowboy"
+ },
+ {
+ "description": "JasperLoader employs a multi-stage infection process that features several obfuscation techniques that make analysis more difficult. It appears that this loader was designed with resiliency and flexibility in mind, as evidenced in later stages of the infection process. ",
+ "meta": {
+ "refs": [
+ "https://blog.talosintelligence.com/2019/04/jasperloader-targets-italy.html?m=1"
+ ]
+ },
+ "uuid": "d8de6b56-9950-4389-83b8-4fc3262dc4c9",
+ "value": "JasperLoader"
 }
 ],
- "version": 118
+ "version": 119
 }
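Review bot: The added JasperLoader entry in clusters/tool.json has two data-hygiene problems: the `description` string ends with a trailing space (`...infection process. "`), and the `refs` URL carries the mobile-view query `?m=1`. A query string can make the same report look like a different reference when refs are compared or deduplicated, so the canonical form `"https://blog.talosintelligence.com/2019/04/jasperloader-targets-italy.html"` is preferable, and the description should end at `process."`. The description also only says the loader is multi-stage and obfuscated; one sentence taken from the referenced report on what it delivers or whom it targets would make the entry more useful for triage.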