diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index f61e6647..90f8fe89 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13074,7 +13074,19 @@
 },
 "uuid": "8cfa694c-2e6b-310a-728f-027d981870b2",
 "value": "GlobeImposter"
+ },
+ {
+ "description": "BlackWorm Ransomware is a malicious computer infection that encrypts your files, and then does everything it can to prevent you from restoring them. It needs you to pay $200 for the decryption key, but there is no guarantee that the people behind this infection would really issue the decryption tool for you.",
+ "meta": {
+ "payment-method": "Bitcoin",
+ "price": "200 $",
+ "refs": [
+ "https://spyware-techie.com/blackworm-ransomware-removal-guide"
+ ]
+ },
+ "uuid": "8cfa694a-2e5b-300a-727f-027d881870b2",
+ "value": "BlackWorm"
 }
 ],
- "version": 55
+ "version": 56
 }
diff --git a/clusters/stealer.json b/clusters/stealer.json
index d2621603..7511a0ba 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -54,7 +54,18 @@
 },
 "uuid": "a646edab-5c6f-4a79-8a6c-153535259e16",
 "value": "AZORult"
+ },
+ {
+ "description": "Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.",
+ "meta": {
+ "date": "Dec 2018.",
+ "refs": [
+ "https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar"
+ ]
+ },
+ "uuid": "a646edaa-4c6f-3a79-7a6c-143535259e15",
+ "value": "Vidar"
 }
 ],
- "version": 4
+ "version": 5
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index d3b494cb..17a5a7c4 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
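Review bot: The `uuid` added for BlackWorm, `8cfa694a-2e5b-300a-727f-027d881870b2`, appears to be hand-derived from the GlobeImposter value directly above it, with each group shifted by a digit, rather than freshly generated. The same pattern shows in the Vidar hunk of clusters/stealer.json and the Brushaloader hunk of clusters/tool.json; the Vidar value even loses the version-4 marker its neighbour has (`4a79` becomes `3a79`). Cluster UUIDs are the stable key that consumers correlate and build relationships on, so values derived from a neighbour invite collisions with other hand-edited entries. Generate each one independently, for example with `python -c "import uuid; print(uuid.uuid4())"`, and replace all three before merge.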
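Review bot: `"date": "Dec 2018."` in the new Vidar `meta` is free text with a trailing period, so anything that sorts or filters clusters by date cannot parse it reliably. Unless the galaxy prescribes another format, an ISO-style value such as `"date": "2018-12"` is unambiguous and drops the stray punctuation. The description's claim that Vidar is "one of the first" to target 2FA software is hedged with "It seems"; it would be worth confirming that the Malpedia reference supports it.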
@@ -7620,7 +7620,17 @@
 ],
 "uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
 "value": "EVILNUM"
+ },
+ {
+ "description": "Brushaloader also leverages a combination of VBScript and PowerShell to create a Remote Access Trojan (RAT) that allows persistent command execution on infected systems.",
+ "meta": {
+ "refs": [
+ "https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html"
+ ]
+ },
+ "uuid": "e1ca79ea-5628-4266-bb36-3892c7126ef4",
+ "value": "Brushaloader"
 }
 ],
- "version": 115
+ "version": 116
 }
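Review bot: The Brushaloader `description` starts mid-thought with "Brushaloader also leverages …", so the "also" refers to nothing inside the entry and the text never states what the family is. An analyst who lands on this cluster from a tag needs a self-contained first sentence. Assuming the name and the Talos reference mean it is a loader, something like `"Brushaloader is a loader that uses VBScript and PowerShell to establish persistent remote command execution on infected systems."` would read cleanly; please confirm the wording against the linked post. The entry also has no `synonyms` or `type` in `meta`, but the hunk does not show whether neighbouring entries carry them.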