From 2b447585b6317689ec4fd8d2376d052a438b7cc9 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 8 Jun 2018 10:18:41 +0200
Subject: [PATCH] add PLEAD
---
 clusters/tool.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index f1d56b2..f470296 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2,7 +2,7 @@
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
 "name": "Tool",
 "source": "MISP Project",
- "version": 72,
+ "version": 73,
 "values": [
 {
 "meta": {
@@ -4262,6 +4262,16 @@
 "https://www.us-cert.gov/ncas/alerts/TA18-149A"
 ]
 }
+ },
+ {
+ "uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7",
+ "value": "PLEAD",
+ "description": "PLEAD has two kinds – RAT (Remote Access Tool) and downloader. The RAT operates based on commands that are provided from C&C servers. On the other hand, PLEAD downloader downloads modules and runs it on memory in the same way as TSCookie does.",
+ "meta": {
+ "refs": [
+ "https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html"
+ ]
+ }
 }
 ],
 "authors": [
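Review bot: The new PLEAD entry in the second hunk describes two distinct components, a RAT and a downloader, but its `refs` list holds a single link that, judging by its URL, covers only the downloader, so the RAT half of the description cannot be verified from the entry itself. A second reference covering the RAT variant would close that gap. The description also compares PLEAD to TSCookie without linking to it; if TSCookie has its own entry elsewhere in this cluster (not visible in this hunk), naming it consistently with that entry's `value` would help correlation. The last sentence would read more clearly as `On the other hand, the PLEAD downloader downloads modules and runs them in memory in the same way as TSCookie does.`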