From 71ad9099c414047858ba1b122adc53e29dfc2470 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 13 Mar 2017 13:59:46 +0100
Subject: [PATCH] IMEIJ added

---
 clusters/tool.json | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index fafb104d..cb4e9c82 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2037,9 +2037,18 @@
           "https://github.com/n1nj4sec/pupy"
         ]
       }
+    },
+    {
+      "value": "ELF_IMEIJ",
+      "description": "Linux Arm malware spread via RFIs in cgi-bin scripts.  This backdoor executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive information.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/elf_imeij.a"
+        ]
+      }
     }
   ],
-  "version": 23,
+  "version": 24,
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "authors": [