diff --git a/clusters/botnet.json b/clusters/botnet.json
index 1df05f5..af75e42 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1137,6 +1137,30 @@
       "uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c",
       "value": "Persirai"
     },
+    {
+      "description": "CAYOSIN DDoS Botnet - A Qbot base upgraded with Mirai codes. [[Citation: an ELF bot reverse engineering overview in MIPS 32-bit (on r2) - #MalwareMustDie!]]]",
+      "meta": {
+        "uuid": "a1dd1c4a-3919-11e9-b210-d663bd873d93",
+        "refs": [
+          "https://imgur.com/a/4YxuSfV",
+		  "https://securityaffairs.co/wordpress/80858/cyber-crime/cayosin-botnet-mmd.html"
+                ]
+      },
+      "value": "CAYOSIN"
+    },
+    {
+      "description": "Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. [[Citation: Cisco Talos - Threat Roundup for Jan. 25 to Feb. 1]]]",
+      "meta": {
+        "uuid": "67ec994c-3929-11e9-b210-d663bd873d93",
+        "refs": [
+          "https://blog.talosintelligence.com/2019/02/threat-roundup-0125-0201.html"
+                ],
+		"synonyms" :[
+		"Eldorado"
+		]
+      },
+      "value": "Ircbot"
+    },
     {
       "description": "Since early September, SophosLabs has been monitoring an increasingly prolific attack targeting Internet-facing SSH servers on Linux-based systems that has been dropping a newly-discovered family of denial-of-service bots we’re calling Chalubo. The attackers encrypt both the main bot component and its corresponding Lua script using the ChaCha stream cipher. This adoption of anti-analysis techniques demonstrates an evolution in Linux malware, as the authors have adopted principles more common to Windows malware in an effort to thwart detection. Like some of its predecessors, Chalubo incorporates code from the Xor.DDoS and Mirai malware families.",
       "meta": {