From 31ba566c1827bfed057fbaea388e5e902ca81b7f Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 7 Mar 2019 15:51:16 +0100
Subject: [PATCH] chg: [tool] SLUB Backdoor added
---
 clusters/tool.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 7fe9fe45..d98e045d 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7552,7 +7552,17 @@
 },
 "uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
 "value": "BabyShark"
+ },
+ {
+ "uuid": "bb6492fa-36b5-4f4a-a787-e718e7f9997f",
+ "value": "SLUB Backdoor",
+ "description": "The SLUB backdoor is a custom one written in the C++ programming language, statically linking curl library to perform multiple HTTP requests. Other statically-linked libraries are boost (for extracting commands from gist snippets) and JsonCpp (for parsing slack channel communication).",
+ "meta": {
+ "refs": [
+ "https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/"
+ ]
+ }
 }
 ],
- "version": 111
+ "version": 112
 }
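Review bot: The added "SLUB Backdoor" object orders its keys `uuid`, `value`, `description`, `meta`, while the BabyShark entry just above it in the context closes its nested object and only then lists `"uuid"` and `"value"`, which suggests the file keeps keys sorted. Writing the new entry as `description`, `meta`, `uuid`, `value` keeps it consistent with its neighbour and avoids a reorder-only diff later. The entry also has a single vendor blog link as its only provenance and no classification fields; if sibling entries in this cluster carry `meta.synonyms` or `meta.type`, adding them here would help consumers correlate the name across feeds, but that is not visible in this hunk and should be checked against the rest of the file. The enclosing array this object is appended to starts outside the hunk.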