From 5fd4cfa4ee4f7f09adb5a3717417328ad7e0844a Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Mon, 5 Nov 2018 09:50:10 +0100
Subject: [PATCH 1/3] update Red Alert 2 Android Banking Trojan

---
 clusters/android.json | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/clusters/android.json b/clusters/android.json
index 22d49033..66fcf075 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -57,7 +57,8 @@
       "description": "The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user of an error, and asking to reauthenticate. Red Alert then collects the user's credentials and sends them to its C&C server.",
       "meta": {
         "refs": [
-          "https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/"
+          "https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/",
+          "https://www.threatfabric.com/blogs/new_android_trojan_targeting_over_60_banks_and_social_apps.html"
         ]
       },
       "related": [
@@ -66,8 +67,12 @@
           "tags": [
             "estimative-language:likelihood-probability=\"likely\""
           ],
-          "type": "similar"
-        }
+          "type": "similar",
+          "synonyms": [
+            "Red Alert 2"
+            "Red Alert 2.0"
+          ]
+        },
       ],
       "uuid": "d10f8cd5-0077-4d8f-9145-03815a68dd33",
       "value": "RedAlert2"

From ae24b71f4556fa7d8da31c68fa12a298f753b041 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Mon, 5 Nov 2018 10:45:54 +0100
Subject: [PATCH 2/3] update version

---
 clusters/android.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clusters/android.json b/clusters/android.json
index 66fcf075..8760f454 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -4631,5 +4631,5 @@
       "value": "Triout"
     }
   ],
-  "version": 16
+  "version": 17
 }

From 050a94a2c09aa5933cc50010c4117a3a64f8f76e Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Mon, 5 Nov 2018 11:01:57 +0100
Subject: [PATCH 3/3] jq fix

---
 clusters/android.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/clusters/android.json b/clusters/android.json
index 8760f454..dc9db6c8 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -64,15 +64,15 @@
       "related": [
         {
           "dest-uuid": "e9aaab46-abb1-4390-b37b-d0457d05b28f",
+          "synonyms": [
+            "Red Alert 2",
+            "Red Alert 2.0"
+          ],
           "tags": [
             "estimative-language:likelihood-probability=\"likely\""
           ],
-          "type": "similar",
-          "synonyms": [
-            "Red Alert 2"
-            "Red Alert 2.0"
-          ]
-        },
+          "type": "similar"
+        }
       ],
       "uuid": "d10f8cd5-0077-4d8f-9145-03815a68dd33",
       "value": "RedAlert2"