From 63b7e62de5dd5a40e78945c15fe5bbbcac059dec Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Thu, 24 Aug 2017 08:49:42 +0200
Subject: [PATCH] add Joao malware

---
 clusters/tool.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/clusters/tool.json b/clusters/tool.json
index 048e91f..5077d34 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2953,6 +2953,15 @@
           "https://isc.sans.edu/diary/22736"
         ]
       }
+    },
+    {
+      "value": "Joao",
+      "description": "Spread via hacked Aeria games offered on unofficial websites, the modular malware can download and install virtually any other malicious code on the victim’s computer. To spread their malware, the attackers behind Joao have misused massively-multiplayer online role-playing games (MMORPGs) originally published by Aeria Games. At the time of writing this article, the Joao downloader was being distributed via the anime-themed MMORPG Grand Fantasia offered on gf.ignitgames[.]to.",
+      "meta": {
+        "refs": [
+          "https://www.welivesecurity.com/2017/08/22/gamescom-2017-fun-blackhats/"
+        ]
+      }
     }
   ]
 }