From eeafff97680b7f53b1750ee704e56415e472d546 Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Tue, 23 Feb 2021 11:15:31 -0500
Subject: [PATCH] Add RDAT backdoor
---
 clusters/tool.json | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 9e4ac50..21bb1b5 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8268,7 +8268,21 @@
 "related": [],
 "uuid": "95174297-6dff-47d9-bcb9-263f9b2efcfb",
 "value": "Exaramel"
+ },
+ {
+ "description": "RDAT is a backdoor used by the suspected Iranian threat group OilRig. RDAT was originally identified in 2017 and targeted companies in the telecommunications sector.",
+ "meta": {
+ "refs": [
+ "https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/"
+ ],
+ "type": [
+ "backdoor"
+ ]
+ },
+ "related": [],
+ "uuid": "d357a6ff-00e5-4fcc-8b9e-4a9d98a736e7",
+ "value": "RDAT"
 }
 ],
- "version": 142
+ "version": 143
 }
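Review bot: The new RDAT entry names OilRig only in the free-text `description` and leaves `"related": []` empty, so the backdoor is not tied to the actor in the relationship data and an analyst pivoting from the OilRig cluster will not reach it. If the repository already carries an OilRig threat-actor cluster, I would link it here, e.g. `"related": [{"dest-uuid": "<OILRIG_CLUSTER_UUID>", "type": "used-by"}]`, taking the UUID from that cluster and matching the relationship type to the other tool-to-actor links in the repo. The description could also state which C2 channel the Unit 42 reference documents, since that is what someone writing detections will look for first. The enclosing array starts outside the hunk, so I cannot tell from here whether RDAT already exists under another name or synonym.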