From 2815e486105c2ffd478e50e185d1acd86de63f5f Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 8 Mar 2019 15:57:30 +0100
Subject: [PATCH] add StealthWorker malware
---
 clusters/tool.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/clusters/tool.json b/clusters/tool.json
index 7fe9fe4..d618d80 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7552,6 +7552,16 @@
 },
 "uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
 "value": "BabyShark"
+ },
+ {
+ "description": "Hackers are running a new campaign which drops the StealthWorker brute-force malware on Windows and Linux machines that end up being used to brute force other computers in a series of distributed brute force attacks.\nAs unearthed by FortiGuard Labs' Rommel Joven, the StealthWorker Golang-based brute forcer (also known as GoBrut) discovered by Malwarebytes at the end of February is actively being used to target and compromise multiple platforms.\nStealthWorker was previously connected to a number of compromised Magento-powered e-commerce websites on which attackers infiltrated skimmers designed to exfiltrate both payment and personal information.\nAs later discovered, the malware is capable of exploiting a number of vulnerabilities in to infiltrate Magento, phpMyAdmin, and cPanel Content Management Systems (CMSs), as well as brute force its way in if everything else fails.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/stealthworker-malware-uses-windows-linux-bots-to-hack-websites/"
+ ]
+ },
+ "uuid": "f0fc5ab9-4973-42b3-a2f6-25ff551b5566",
+ "value": "StealthWorker"
 }
 ],
 "version": 111
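Review bot: The alias GoBrut appears only inside the free-text `description` of the new StealthWorker entry, so an analyst or correlation rule looking up that name will not resolve to this cluster; add `"synonyms": ["GoBrut"]` to `meta` next to `refs`. The trailing context line `"version": 111` is unchanged and the diffstat shows insertions only, so the cluster version is not incremented with the new entry; if consumers use that field to decide whether to re-import the file, it should become `112` in the same commit. The description also carries the phrase `vulnerabilities in to infiltrate`, which reads as a dropped word and is worth correcting before it propagates to downstream instances.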