From fd030a431408db51f21067623cc716e442d302cf Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 6 Jan 2017 22:35:50 +0100
Subject: [PATCH] GeminiDuke added

---
 clusters/tool.json | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 429d3bb7..5699d71a 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
   ],
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 8,
+  "version": 9,
   "values": [
     {
       "description": "Malware",
@@ -1113,6 +1113,13 @@
         ]
       },
       "value": "Chthonic"
+    },
+    {
+      "value": "GeminiDuke",
+      "description": "GeminiDuke is malware that was used by APT29 from 2009 to 2012.",
+      "meta": {
+        "refs": ["https://attack.mitre.org/wiki/Software/S0049"]
+    }
     }
   ]
 }