From 46a6d9fcb1f1e95a3a8ea9ad59ae08b27e53512b Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Tue, 28 Apr 2020 01:08:50 -0400
Subject: [PATCH] Add DenesRAT/METALJACK
---
 clusters/tool.json | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 048a550..378a3ff 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7998,7 +7998,25 @@
 },
 "uuid": "32a6065c-4f4e-4a60-8717-5872b5f21ac4",
 "value": "Gelup malware tool"
+ },
+ {
+ "description": "DenesRAT is a private Trojan horse of the \"Sea Lotus\" organization, which can perform corresponding functions according to the instructions issued by the C2 server. The main functions are file operations, such as creating files or directories, deleting files or directories, finding files; registry reading and writing; remote code execution, such as creating processes, executing DLLs, etc....",
+ "meta": {
+ "refs": [
+ "http://baijiahao.baidu.com/s?id=1661498030941117519",
+ "https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html"
+ ],
+ "synonyms": [
+ "METALJACK"
+ ],
+ "type": [
+ "Loader",
+ "Backdoor"
+ ]
+ },
+ "uuid": "edd9e14c-80f7-4a50-ab85-fa1120c54003",
+ "value": "DenesRAT"
 }
 ],
- "version": 133
+ "version": 134
 }
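Review bot: The new `description` names the operator only as "Sea Lotus", apparently a translated label, so an analyst searching this cluster for OceanLotus or APT32 (the name in the FireEye ref URL) will not match the entry; I would open it with `"DenesRAT is a private trojan of the OceanLotus (APT32, \"Sea Lotus\") group, ...` and drop the trailing `etc....`. The first ref is plain `http://`; if the host serves the same page over TLS, prefer `"https://baijiahao.baidu.com/s?id=1661498030941117519"` so the citation cannot be altered in transit. `synonyms` folds METALJACK into DenesRAT while `type` lists both Loader and Backdoor, which suggests two components recorded under one name; worth confirming against the refs, because a merged entry makes detections tagged with either name correlate as the same tool. The enclosing array of entries begins outside this hunk.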