From d96dc39c5a1644467ec79ef5bca2c6b8677a86cc Mon Sep 17 00:00:00 2001
From: Carlos Borges <hackunagi@users.noreply.github.com>
Date: Fri, 9 Aug 2019 18:00:37 -0300
Subject: [PATCH] Adding Amavaldo Banking Trojan

---
 clusters/rat.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/rat.json b/clusters/rat.json
index cd041ba..9309583 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -3382,6 +3382,17 @@
       },
       "uuid": "0f117f50-9657-11e9-8e2b-83e391e0ce57",
       "value": "Felipe"
+    },
+    {
+      "description": "Amavaldo is banking trojan writen in Delphi and known to targeting Spanish or Portuguese speaking countries. It contains backdoor functionality and can work as multi stage. Amavaldo also abuses legitimate tools and softwares",
+      "meta": {
+        "date": "2019",
+        "refs": [
+          "https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/"
+        ]
+      },
+      "uuid": "39c65b1d-7799-43d6-a963-4a058b1c756e",
+      "value": "Amavaldo Banking Trojan"
     }
   ],
   "version": 30