From 6467fe5849c87687627c2170439ae0be3c232815 Mon Sep 17 00:00:00 2001
From: rmkml <rmkml@yahoo.fr>
Date: Tue, 9 Apr 2019 22:27:28 +0200
Subject: [PATCH] Add Parasite HTTP RAT

---
 clusters/rat.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/rat.json b/clusters/rat.json
index 30450da..71e6b7f 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -3328,7 +3328,17 @@
       },
       "uuid": "1b6a067b-50b9-4aa7-a49b-823e94e210fe",
       "value": "H-worm"
+    },
+    {
+      "description": "The RAT, dubbed Parasite HTTP, is especially notable for the extensive array of techniques it incorporates for sandbox detection, anti-debugging, anti-emulation, and other protections. The malware is also modular in nature, allowing actors to add new capabilities as they become available or download additional modules post infection.",
+      "meta": {
+        "refs": [
+          "https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks"
+        ]
+      },
+      "uuid": "1b6a067c-50ba-4aa7-a59b-824e94e210fe",
+      "value": "Parasite-HTTP-RAT"
     }
   ],
-  "version": 26
+  "version": 27
 }