From 6c7d0f8684d6acd75370db6eec927218d1b53c67 Mon Sep 17 00:00:00 2001
From: Kafeine <Kafeine@users.noreply.github.com>
Date: Mon, 26 Mar 2018 18:05:14 +0100
Subject: [PATCH] +ThreadKit

---
 clusters/exploit-kit.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index f17bf7b..862843b 100755
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -116,6 +116,16 @@
         "status": "Active"
       }
     },
+  {
+      "value": "ThreadKit",
+      "description": "ThreadKit is the name given to a widely used Microsoft Office document exploit builder kit that appeared in June 2017",
+      "meta": {
+        "refs": [
+          "https://www.proofpoint.com/us/threat-insight/post/unraveling-ThreadKit-new-document-exploit-builder-distribute-The-Trick-Formbook-Loki-Bot-malware"
+        ],
+        "status": "Active"
+      }
+    },
     {
       "value": "RIG",
       "description": "RIG is an exploit kit that takes its source in Infinity EK itself an evolution of Redkit. It became dominant after the fall of Angler, Nuclear Pack and the end of public access to Neutrino. RIG-v is the name given to RIG 4 when it was only accessible by \"vip\" customers and when RIG 3 was still in use.",