From 5355910a8f17e4faf3f75d11f31b29eb2f3bcbdc Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 7 Oct 2019 13:38:40 +0200
Subject: [PATCH] add legitimate tools
---
 clusters/tool.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 69ae9bc..940a094 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7844,7 +7844,19 @@
 },
 "uuid": "a577bb0d-9732-449a-80f7-5e6c93e6046c",
 "value": "Reductor"
+ },
+ {
+ "value": "ProcDump",
+ "description": "Legitimate tool - command-line tool used to monitor a running process and dump memory depending on customcriteria. The attackers use this tool to dump the LSASS process to gatherWINDOWScredentials hashes"
+ },
+ {
+ "value": "CertMig",
+ "description": "Legitimate tool - command-line tool used to import and export certificates on a machine. The attackers use this toolto gather credentials used for VPN authentication to the clients’ networks"
+ },
+ {
+ "value": "Netscan",
+ "description": "Legitimate tool - tool used to scan IPv4/IPv6 networks and remotely execute PowerShell commands."
 }
 ],
- "version": 125
+ "version": 126
 }
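Review bot: The three added objects (ProcDump, CertMig, Netscan) carry only `value` and `description`, whereas the Reductor entry in the context lines ends with a `uuid`; each new entry should get its own, e.g. `"uuid": "<NEW-UUID-V4-PLACEHOLDER>"`, since anything that keys clusters or relationships on the uuid would presumably be unable to reference them. The descriptions also contain run-together words that look like paste damage (`customcriteria`, `gatherWINDOWScredentials`, `toolto`) and should be corrected before merge. Because these are dual-use administration tools, the "Legitimate tool" marker is only in free text; a structured field with a reference to the source report would let analysts and detection rules separate attacker use (for example, LSASS dumping) from routine administration. Whether Reductor uses a `meta` object for that cannot be confirmed from the hunk, as its entry starts before the first context line.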