diff --git a/clusters/banker.json b/clusters/banker.json
index f8096a6..aac1f81 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -502,9 +502,18 @@
 "https://objective-see.com/blog/blog_0x25.html#Dok"
 ]
 }
+ },
+ {
+ "value": "downAndExec",
+ "description": "Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage as it gives users greater speed when viewing the content, as the server is close to them and is part of the Netflix CDN. This results in faster loading times for series and movies, wherever you are in the world. But, apparently, the CDNs are starting to become a new way of spreading malware. The attack chain is very extensive, and incorporates the execution of remote scripts (similar in some respects to the recent “fileless” banking malware trend), plus the use of CDNs for command and control (C&C), and other standard techniques for the execution and protection of malware.",
+ "meta": {
+ "refs": [
+ "https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/"
+ ]
+ }
 }
 ],
- "version": 6,
+ "version": 7,
 "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
 "description": "A list of banker malware.",
 "authors": [
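Review bot: The added `description` for `downAndExec` spends its first three sentences on how Netflix-style CDNs work and never states what the malware is, so an analyst reading the cluster to tag an event gets little beyond "the attack chain is very extensive". Open with a one-sentence summary drawn from the existing text, for example `"downAndExec is a banking malware campaign that executes remote scripts hosted on CDNs and uses CDNs for C&C."`, and keep the background after it. The reference URL suggests the reporting concerns Brazil; if that is correct, naming the region in the description would make the entry easier to match. The `authors` array at the end of the hunk continues outside it.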