diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index bab4139..6a04713 100755
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -46,8 +46,7 @@
       "description": "The Empire Pack is a variation of RIG operated by a load seller. It's being fed by many traffic actors",
       "meta": {
         "refs": [
-          "http://malware.dontneedcoffee.com/2016/10/rig-evolves-neutrino-waves-goodbye.html",
-          ""
+          "http://malware.dontneedcoffee.com/2016/10/rig-evolves-neutrino-waves-goodbye.html"
         ],
        "synonyms": [
           "RIG-E"
@@ -79,8 +78,7 @@
           "http://www.kahusecurity.com/2012/new-chinese-exploit-pack/"
         ],
        "synonyms": [
-          "CK vip",
-          ""
+          "CK vip"
         ]		,
 		"status": "Active"
        }
@@ -108,9 +106,6 @@
         "refs": [
           "https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html",
           "https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-microsoft-word-intruder-revealed.pdf"
-        ],
-       "synonyms": [
-          ""
         ],
 		"status": "Active"
        }
@@ -157,9 +152,6 @@
         "refs": [
           "http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/",
           "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
-        ],
-       "synonyms": [
-          ""
         ],
 		"status": "Active"
        }
@@ -239,7 +231,6 @@
       "description": "The BlackHole Exploit Kit has been the most popular exploit kit from 2011 to 2013. Its activity stopped with Paunch's arrest (all activity since then is anecdotal and based on an old leak)",
       "meta": {
         "refs": [
-	  "",
           "https://www.trustwave.com/Resources/SpiderLabs-Blog/Blackhole-Exploit-Kit-v2/",
           "https://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit/"
         ],
@@ -251,7 +242,7 @@
     }
 ,
     { "value": "Bleeding Life",
-      "description": "Bleeding Life is an exploit kit that got open source with its version 2",
+      "description": "Bleeding Life is an exploit kit that became open source with its version 2",
       "meta": {
         "refs": [
           "http://www.kahusecurity.com/2011/flash-used-in-idol-malvertisement/",
@@ -290,8 +281,7 @@
           "http://www.kahusecurity.com/2011/neosploit-is-back/"
         ],
        "synonyms": [
-          "NeoSploit",
-          ""
+          "NeoSploit"
         ]
 		,
 		"status": "Retired - Last Seen: beginning of 2015-07"
@@ -340,10 +330,6 @@
 		"https://blog.malwarebytes.com/threat-analysis/2014/08/shining-some-light-on-the-unknown-exploit-kit/",
           "http://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-the-exploit-kit-in-cve-2015-0313-attack",
           "https://twitter.com/kafeine/status/562575744501428226"
-        ],
-       "synonyms": [
-          "",
-          ""
         ],
 		"status": "Retired - Last seen: 2015-07"
        }
@@ -367,10 +353,6 @@
       "meta": {
         "refs": [
           "http://malware.dontneedcoffee.com/2012/12/inside-impact-exploit-kit-back-on-track.html"
-        ],
-       "synonyms": [
-          "",
-          ""
         ]
 		,
 		"status": "Retired"
@@ -399,9 +381,6 @@
           "http://blog.talosintel.com/2014/03/hello-new-exploit-kit.html",
           "http://blog.talosintel.com/2014/05/continued-analysis-of-lightsout-exploit.html",
 		  "http://malwageddon.blogspot.fr/2013/09/unknown-ek-by-way-how-much-is-fish.html"
-        ],
-       "synonyms": [
-          ""
         ],
 		"status": "Unknown - Last seen: 2014-03"
        }
@@ -425,7 +404,6 @@
       "description": "The Nuclear Pack appeared in 2009 and has been one of the longer living one. Spartan EK was a landing less variation of Nuclear Pack",
       "meta": {
         "refs": [
-          "",
           "http://blog.checkpoint.com/2016/05/17/inside-nuclears-core-unraveling-a-ransomware-as-a-service-infrastructure/"
         ],
        "synonyms": [
@@ -481,8 +459,7 @@
       "description": "Description Here",
       "meta": {
         "refs": [
-          "http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html",
-          ""
+          "http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html"
         ],
 		"status": "Retired - Last seen: 2013-09"
        }
@@ -492,8 +469,7 @@
       "description": "Sweet Orange",
       "meta": {
         "refs": [
-          "http://malware.dontneedcoffee.com/2012/12/juice-sweet-orange-2012-12.html",
-          ""
+          "http://malware.dontneedcoffee.com/2012/12/juice-sweet-orange-2012-12.html"
         ],
        "synonyms": [
           "SWO"
diff --git a/clusters/tds.json b/clusters/tds.json
index 0ce15d2..c9b9df7 100755
--- a/clusters/tds.json
+++ b/clusters/tds.json
@@ -56,9 +56,6 @@
     { "value": "Futuristic TDS",
       "description": "Futuristic TDS is the TDS componenent of BlackOS/CookieBomb/NorthTale Iframer",
       "meta": {
-        "refs": [
-          ""
-        ],
 	   "type":"Underground"
        }
     }
@@ -66,9 +63,6 @@
     { "value": "Orchid TDS",
       "description": "Orchid TDS was sold underground. Rare usage",
       "meta": {
-        "refs": [
-          ""
-        ],
 	   "type":"Underground"
        }
     }