diff --git a/clusters/tool.json b/clusters/tool.json
index b81a6d54..f9540ed9 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8426,7 +8426,20 @@
       },
       "uuid": "2214b113-6942-494f-94b7-576e74fccdb5",
       "value": "Matanbuchus"
+    },
+    {
+      "description": "It is likely that BLUELIGHT is used as a secondary payload following successful delivery of Cobalt Strike.",
+      "meta": {
+        "refs": [
+          "https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/"
+        ],
+        "type": [
+          "backdoor"
+        ]
+      },
+      "uuid": "b1c4f468-1c55-40aa-bce4-c3772ef83d0c",
+      "value": "BLUELIGHT"
     }
   ],
-  "version": 146
+  "version": 147
 }