From 32ffc98e5d60aec6177bef0af917ba03d3ab7ac8 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Mon, 24 Jun 2019 10:20:29 +0200
Subject: [PATCH 1/2] add Felipe Trojan

---
 clusters/rat.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/rat.json b/clusters/rat.json
index 40e55af..50922a0 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -3372,7 +3372,17 @@
       },
       "uuid": "4b9b99f0-9c2d-4db5-aaff-09de88509c04",
       "value": "FlawedAmmy"
+    },
+    {
+      "value": "Felipe",
+      "description": "The Zscaler ThreatLabZ team came across a new strain of infostealer Trojan called Felipe, which silently installs itself onto a user’s system and connects to a command-and-control (C&C) server to send system information from the compromised system. This malware is compiled for both 32-bit and 64-bit Windows operating systems. Felipe basically steals the victim's debit and credit card information and sends it, along with other personal information, to the remote C&C server. It also sets a date and time to perform other malicious activity upon successful infection of the victim machine.",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/research/felipe-new-infostealer-trojan"
+        ]
+      },
+      "uuid": "0f117f50-9657-11e9-8e2b-83e391e0ce57"
     }
   ],
-  "version": 29
+  "version": 30
 }

From ca45f0deec82daf4f8dd48f51a4f4881edf4d962 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Mon, 24 Jun 2019 10:22:38 +0200
Subject: [PATCH 2/2] jq

---
 clusters/rat.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clusters/rat.json b/clusters/rat.json
index 50922a0..cd041ba 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -3374,14 +3374,14 @@
       "value": "FlawedAmmy"
     },
     {
-      "value": "Felipe",
       "description": "The Zscaler ThreatLabZ team came across a new strain of infostealer Trojan called Felipe, which silently installs itself onto a user’s system and connects to a command-and-control (C&C) server to send system information from the compromised system. This malware is compiled for both 32-bit and 64-bit Windows operating systems. Felipe basically steals the victim's debit and credit card information and sends it, along with other personal information, to the remote C&C server. It also sets a date and time to perform other malicious activity upon successful infection of the victim machine.",
       "meta": {
         "refs": [
           "https://www.zscaler.com/blogs/research/felipe-new-infostealer-trojan"
         ]
       },
-      "uuid": "0f117f50-9657-11e9-8e2b-83e391e0ce57"
+      "uuid": "0f117f50-9657-11e9-8e2b-83e391e0ce57",
+      "value": "Felipe"
     }
   ],
   "version": 30