From 44cc53d9567087385b61a0cb096b63767814cb29 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 19 Jan 2017 08:30:46 +0100
Subject: [PATCH] EyePyramid added
---
 clusters/tool.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index e892f95..6b156f9 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1239,9 +1239,17 @@
 "meta": {
 "refs": ["https://www.bleepingcomputer.com/news/security/new-ghostadmin-malware-used-for-data-theft-and-exfiltration/"]
 }
+ },
+ {
+ "value": " EyePyramid Malware",
+ "description": "Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully-prepared spear-phishing scheme to spy on high-profile politicians and businessmen. This case has been called “EyePyramid”, which we first discussed last week. (Conspiracy theories aside, the name came from a domain name and directory path that was found during the research.)",
+ "meta": {
+ "refs": ["http://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-inner-workings-eyepyramid/"],
+ "country": "IT"
+ }
 }
 ],
- "version": 13,
+ "version": 14,
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "author": [
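Review bot: The new entry's `"value": " EyePyramid Malware"` starts with a space, and since the value is the name the cluster is looked up and tagged by, an exact match on "EyePyramid Malware" will presumably miss it unless every consumer trims; it should read `"value": "EyePyramid Malware",`. The description is pasted from the referenced Trend Micro post and keeps its first-person, time-relative wording ("which we first discussed last week"), which means nothing inside a cluster file and is better rewritten as a neutral summary of the tool. The enclosing values array starts above this hunk, so whether an EyePyramid entry already exists under another spelling cannot be checked from here.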