diff --git a/clusters/tool.json b/clusters/tool.json
index ec0fad8a..8365ee87 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
   ],
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 37,
+  "version": 38,
   "values": [
     {
       "meta": {
@@ -3071,6 +3071,18 @@
           "https://www.agenttesla.com/"
         ]
       }
+    },
+    {
+      "value": "Ordinypt",
+      "description": "A new ransomware strain called Ordinypt is currently targeting victims in Germany, but instead of encrypting users' documents, the ransomware rewrites files with random data. Ordinypt is actually a wiper and not ransomware because it does not bother encrypting anything, but just replaces files with random data.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/ordinypt-ransomware-intentionally-destroys-files-currently-targeting-germany/"
+        ],
+        "synonyms": [
+          "HSDFSDCrypt"
+        ]
+      }
     }
   ]
 }