From ab577afacd1317e5904067af580d85caa029dafb Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Mon, 18 Jun 2018 09:47:03 +0200
Subject: [PATCH] add ClipboardWalletHijacker

---
 clusters/tool.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 5593653..20bc955 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2,7 +2,7 @@
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "name": "Tool",
   "source": "MISP Project",
-  "version": 74,
+  "version": 75,
   "values": [
     {
       "meta": {
@@ -4312,6 +4312,17 @@
           "https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html"
         ]
       }
+    },
+    {
+      "uuid": "9f926c84-72cb-11e8-a1f2-676d779700ba",
+      "value": "ClipboardWalletHijacker",
+      "description": "The malware's purpose is to intercept content recorded in the Windows clipboard, look for strings resembling Bitcoin and Ethereum addresses, and replace them with ones owned by the malware's authors. ClipboardWalletHijacker's end-plan is to hijack BTC and ETH transactions, so victims unwittingly send funds to the malware's authors.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/clipboard-hijacker-targeting-bitcoin-and-ethereum-users-infects-over-300-0000-pcs/",
+          "https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/"
+        ]
+      }
     }
   ],
   "authors": [