From 72554ed71cc9e04a313cc8946adbb680adfd044e Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Thu, 13 Aug 2020 15:08:32 -0400
Subject: [PATCH] Add Drovorub tool
---
 clusters/tool.json | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 13a5e0c..fa960a0 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8126,7 +8126,23 @@
 "related": [],
 "uuid": "59266c02-e3c8-47a6-b00c-bbb50c8975e9",
 "value": "WellMail"
- }
+ },
+ {
+ "description": "Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server.",
+ "meta": {
+ "refs": [
+ "https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF"
+ ],
+ "synonyms": [],
+ "type": [
+ "Backdoor",
+ "Rootkit"
+ ]
+ },
+ "related": [],
+ "uuid": "a0a46c1b-e774-410e-a84b-020b2558d851",
+ "value": "Drovorub"
+ },
 ],
- "version": 137
+ "version": 138
 }
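Review bot: The last added line of the new Drovorub object is `},` and the next line is the enclosing array's closing `],`, so the new side of clusters/tool.json carries a trailing comma that strict JSON parsers reject; that closing line should be `}`. Because the error sits in the array that holds every entry, a consumer loading this file with a strict parser would presumably lose all tool clusters rather than only the new one, which for detection content means a silent coverage gap. Running a validator such as `jq . clusters/tool.json` or `python -m json.tool clusters/tool.json` before merging would catch it. The first added `},`, which replaces the old closing `}` of the WellMail entry, is correct and should stay.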