From f8c56406138dbc455da054e9d0ac98f8579463c7 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 21 Aug 2018 10:48:47 +0200
Subject: [PATCH] chg: [tool] biscuit biscvt tool BISKVIT

ref: https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html
---
 clusters/tool.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 6cc4dae6..d800258c 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -5706,7 +5706,17 @@
       },
       "uuid": "f7f53bb8-37ed-4bbe-9809-ca1594431536",
       "value": "KEYMARBLE"
+    },
+    {
+      "value": "BISKVIT",
+      "description": "The BISKVIT Trojan is a multi-component malware written in C#. We dubbed this malware BISKVIT based on the namespaces used in the code, which contain the word “biscuit”.  Unfortunately, there is already an existing unrelated malware called BISCUIT, so BISKVIT is used instead, which is the Russian translation of biscuit.",
+      "meta": {
+        "refs": [
+          "https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html"
+        ]
+      },
+      "uuid": "69ed8a69-8b33-4195-9b21-a1f4cd76acde"
     }
   ],
-  "version": 84
+  "version": 85
 }