From f2c80cbcdd86779da97e68351c841279825ccca4 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 22 Feb 2019 22:44:44 +0100
Subject: [PATCH] chg: [tool] BabyShark added

---
 clusters/tool.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 10d64ff..793f95f 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7542,7 +7542,17 @@
       },
       "uuid": "588b97ff-3434-4aa1-a5fd-815e1bb0178b",
       "value": "ANEL"
+    },
+    {
+      "value": "BabyShark",
+      "uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
+      "description": "BabyShark is a relatively new malware. The earliest sample we found from open source repositories and our internal data sets was seen in November 2018. The malware is launched by executing the first stage HTA from a remote location, thus it can be delivered via different file types including PE files as well as malicious documents. It exfiltrates system information to C2 server, maintains persistence on the system, and waits for further instruction from the operator.",
+      "meta": {
+        "refs": [
+          "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/"
+        ]
+      }
     }
   ],
-  "version": 109
+  "version": 110
 }