From 577fb4c4797c22bbfc3c92f21e06947e2dd6c7cb Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 24 Mar 2016 07:42:27 +0100
Subject: [PATCH] More adversary tools
---
 elements/threat-actor-tools.json | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index 8076895..e5f50bd 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -110,6 +110,19 @@
 "value": "AlienSpy",
 "description": "RAT for Apple OS X platforms"
 },
+ {
+ "value": "Cadelspy",
+ "synonyms": ["WinSpy"]
+ },
+ {
+ "value": "CMStar",
+ "refs": ["http://researchcenter.paloaltonetworks.com/2016/03/digital-quartermaster-scenario-demonstrated-in-attacks-against-the-mongolian-government/"]
+ },
+ {
+ "value": "DHS2015",
+ "synonyms": ["iRAT"],
+ "refs": ["https://securelist.com/files/2015/02/The-Desert-Falcons-targeted-attacks.pdf"]
+ },
 {
 "value": "Gh0st Rat",
 "description": "Gh0st Rat is a well-known Chinese remote access trojan which was originally made by C.Rufus Security Team several years ago.",
@@ -341,6 +354,15 @@
 {
 "value": "Elirks"
 },
+ {
+ "value": "Aumlib",
+ "synonyms": ["Yayih", "mswab", "Graftor"],
+ "refs": ["http://www.cybersquared.com/killing-with-a-borrowed-knife-chaining-core-cloud-service-profile-infrastructure-for-cyber-attacks"]
+ },
+ {
+ "value": "CTRat",
+ "refs": ["http://www.fireeye.com/blog/technical/threat-intelligence/2014/07/spy-of-the-tiger.html"]
+ },
 {
 "value": "Emdivi",
 "synonyms": ["Newsripper"],
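Review bot: The three entries added in the first hunk (`Cadelspy`, `CMStar`, `DHS2015`) have no `description`, unlike the neighbouring `AlienSpy` and `Gh0st Rat` records, and `Cadelspy` has no `refs` either, so its `WinSpy` synonym cannot be traced to any source. An analyst who matches on these names has nothing in the record to confirm what the tool is or where the alias comes from. I would add a one-line `description` to each entry and a source to Cadelspy, for example `"refs": ["<URL of the report that names Cadelspy/WinSpy>"]` (placeholder, to be filled in by the author). The missing `description` also applies to `Aumlib` and `CTRat` in the second hunk; the enclosing array starts and ends outside both hunks.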
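Review bot: In the second hunk, `"Graftor"` in the `Aumlib` synonyms looks like a generic antivirus detection label rather than a name specific to this family; to my knowledge vendors apply it to many unrelated samples. Consumers that tag or correlate events on `synonyms` could then attribute unrelated detections to Aumlib. Unless the cited report uses that name for this tool specifically, I would narrow the line to `"synonyms": ["Yayih", "mswab"],` and mention the overlap in a `description` instead. The `Emdivi` record that follows continues outside the hunk.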