From e60bbbb78e67a6af418acd32621fb71b9dc7cfc0 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 15 Mar 2016 08:59:44 +0100
Subject: [PATCH] First version of adversary tools

---
 elements/threat-actor-tools.json | 43 ++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 elements/threat-actor-tools.json

diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
new file mode 100644
index 0000000..9772544
--- /dev/null
+++ b/elements/threat-actor-tools.json
@@ -0,0 +1,43 @@
+{
+  "values": [
+    {
+      "value": "PlugX",
+      "description": "Malware"
+    },
+    {
+      "value": "MSUpdater"
+    },
+    {
+      "value": "Poison Ivy"
+    },
+    {
+      "value": "Torn RAT"
+    },
+    {
+      "value": "Joy RAT"
+    },
+    {
+      "value": "Sakula",
+      "synonyms": ["Sakurel"]
+    },
+    {
+      "value": "Derusbi"
+    },
+    {
+      "value": "EvilGrab"
+    },
+    {
+      "value": "IEChecker"
+    },
+    {
+      "value": "Trojan.Naid"
+    },
+    {
+      "value": "Backdoor.Moudoor"
+    }
+  ],
+  "version" : 1,
+  "description": "threat-actor-tools is an enumeration of tools used by adversaries.",
+  "author": ["Alexandre Dulaunoy"],
+  "type": "threat-actor-tools"
+}