From cf492d99310cad86040110c5d2b48fe487c03e9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?= <juergen.loehel@inlyse.com>
Date: Wed, 1 Feb 2023 17:30:56 -0600
Subject: [PATCH] chg: [stealer] Adds Album Stealer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
---
 clusters/stealer.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/stealer.json b/clusters/stealer.json
index dd460564..78545bbd 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -186,7 +186,17 @@
       ],
       "uuid": "e550f534-dc8b-4f94-a276-ce3d5d9c8115",
       "value": "DarkCloud Stealer"
+    },
+    {
+      "description": "The Zscaler ThreatLabz research team has spotted a new information stealer named Album. Album Stealer is disguised as a photo album that drops decoy adult images while performing malicious activity in the background. The threat group launching these attacks may be located in Vietnam.",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/security-research/album-stealer-targets-facebook-adult-only-content-seekers"
+        ]
+      },
+      "uuid": "7f95ebda-2c7b-49a4-ad57-bd5766a1f651",
+      "value": "Album Stealer"
     }
   ],
-  "version": 10
+  "version": 11
 }