From af6020077e91fbf200c6b5705c6f7b7baa071486 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Tue, 23 Oct 2018 15:25:37 +0200
Subject: [PATCH] add August Stealer

---
 clusters/threat-actor.json |  7 +++++--
 clusters/tool.json         | 15 ++++++++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 229f8ff..2534fbf 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3188,7 +3188,10 @@
     {
       "description": "TA530, who we previously examined in relation to large-scale personalized phishing campaigns",
       "meta": {
-        "country": "CN"
+        "country": "CN",
+        "refs": [
+          "https://www.proofpoint.com/uk/threat-insight/post/august-in-december-new-information-stealer-hits-the-scene"
+        ]
       },
       "uuid": "4b79d1f6-8333-44b6-ac32-d1ea7e47e77f",
       "value": "TA530"
@@ -5982,5 +5985,5 @@
       "value": "The Shadow Brokers"
     }
   ],
-  "version": 74
+  "version": 75
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index da07a7d..ed2b83b 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7371,7 +7371,20 @@
       },
       "uuid": "0a339826-d5f8-11e8-b520-5b93fe65a08e",
       "value": "GhostMiner"
+    },
+    {
+      "description": "August contains stealing functionality targeting credentials and sensitive documents from the infected computer.",
+      "meta": {
+        "refs": [
+          "https://www.proofpoint.com/uk/threat-insight/post/august-in-december-new-information-stealer-hits-the-scene"
+        ],
+        "synonyms": [
+          "August Stealer"
+        ]
+      },
+      "uuid": "9972d4c4-d6c6-11e8-867e-87b4a45aa76d",
+      "value": "August"
     }
   ],
-  "version": 97
+  "version": 98
 }