diff --git a/clusters/cryptominers.json b/clusters/cryptominers.json
index 91a3bcf..b878640 100644
--- a/clusters/cryptominers.json
+++ b/clusters/cryptominers.json
@@ -62,7 +62,17 @@
       },
       "uuid": "a0c0ab05-c390-425c-9311-f64bf7ca9145",
       "value": "Krane"
+    },
+    {
+      "description": "“Hezb”, which is based on command line artifact data, was observed around Kinsing. This malware is relatively new and was recently reported in late May exploiting WSO2 RCE (CVE-2022-29464) in the wild. Several malware components were observed, the first of which was an XMRig miner installed as “Hezb”. Additional modules included a polkit exploit for privilege escalation as well as a zero-detection ELF payload named “kik”.",
+      "meta": {
+        "refs": [
+          "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
+        ]
+      },
+      "uuid": "428bbf01-7756-48a2-848d-6bca3997f1df",
+      "value": "Hezb"
     }
   ],
-  "version": 2
+  "version": 3
 }