diff --git a/clusters/stealer.json b/clusters/stealer.json
index d262160..d54c4b4 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -42,6 +42,16 @@
 "uuid": "a6780288-24eb-4006-9ddd-062870c6feec",
 "value": "TeleGrab"
 },
+ {
+ "description": "Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. [[Citation: Cisco Talos - Threat Roundup for Feb. 8 to Feb. 15]]]",
+ "meta": {
+ "uuid": "ca16a9f0-3915-11e9-b210-d663bd873d93",
+ "refs": [
+ "https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html"
+ ]
+ },
+ "value": "Expiro"
+ },
 {
 "description": "It is able to steal accounts from different software, such as, Firefox password Internet Explorer/Edge Thunderbird Chrome/Chromium and many more. It is also able to (1) list all installed software, (2) list processes, (3) Get information about the machine name (CPU type, Graphic card, size of memory), (4) take screen captures, (5) Steal cryptomoney wallet from Electrum, MultiBit, monero-project, bitcoin-qt.",
 "meta": {
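Review bot: In the added Expiro entry, `"uuid"` sits inside `"meta"`, whereas the TeleGrab entry just above carries `"uuid"` at entry level next to `"value"`; any tooling that keys clusters by the entry-level uuid (presumably for tagging and cross-cluster relationships) would treat this entry as having none. Move that line out of `meta` so the entry ends with `"uuid": "ca16a9f0-3915-11e9-b210-d663bd873d93",` followed by `"value": "Expiro"`. The description also closes its citation with three brackets, `Feb. 15]]]`, where `]]` would match the opening `[[`. The entry that follows is cut off by the end of the hunk and is not reviewed here.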