diff --git a/clusters/tool.json b/clusters/tool.json
index 9c366a95..a08654f0 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10601,7 +10601,29 @@
 ],
 "uuid": "7b002b6e-442c-4c0a-b173-873820c7c731",
 "value": "VENOMBITE"
+ },
+ {
+ "description": "First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian language eCrime forum since May 2023.",
+ "meta": {
+ "refs": [
+ "https://0xtoxin.github.io/threat%20breakdown/DarkGate-Camapign-Analysis/",
+ "https://www.aon.com/cyber-solutions/aon_cyber_labs/darkgate-keylogger-analysis-masterofnone/",
+ "https://securelist.com/emotet-darkgate-lokibot-crimeware-report/110286/",
+ "https://www.zerofox.com/blog/the-underground-economist-volume-3-issue-12/",
+ "https://decoded.avast.io/janrubin/meh-2-2/",
+ "https://decoded.avast.io/janrubin/complex-obfuscation-meh/",
+ "https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign"
+ ],
+ "synonyms": [
+ "Meh"
+ ],
+ "type": [
+ "Loader"
+ ]
+ },
+ "uuid": "978e5adc-e6e4-49a9-822f-0c130ac983a3",
+ "value": "DarkGate"
 }
 ],
- "version": 168
+ "version": 169
 }
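Review bot: The `synonyms` entry `"Meh"` in the new DarkGate object is not explained anywhere in `description`, so a reader cannot tell why the two decoded.avast.io references belong to this entry or which source establishes the alias. Because the name is also a short everyday word, tooling that tags or correlates on synonym strings may match it in unrelated text, which is worth weighing before the alias is published. If the Avast posts are indeed the origin of the name, a closing sentence in the description such as `Avast has reported on this family under the name Meh.` would record that. The array and outer object that close after `"value": "DarkGate"` begin outside the hunk, so consistency of `type` with neighbouring entries cannot be checked from here.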