diff --git a/clusters/rat.json b/clusters/rat.json
index a953b8b..7394c96 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -2,7 +2,7 @@
   "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
   "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
   "source": "MISP Project",
-  "version": 11,
+  "version": 12,
   "values": [
     {
       "meta": {
@@ -2521,6 +2521,16 @@
       "description": "The RAT is written in .NET, it uses socket.io for communication. Currently there are two variants of the malware, the 1st variant is a typical downloader whereas the 2nd one has download and C2 functionalities.",
       "value": "SocketPlayer",
       "uuid": "d9475765-2cea-45c0-b638-a082b9427239"
+    },
+    {
+      "value": "Hallaj PRO RAT",
+      "description": "RAT",
+      "uuid": "f6447046-f4e8-4977-9cc3-edee74ff0038",
+      "meta": {
+        "refs": [
+          "https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/"
+        ]
+      }
     }
   ],
   "authors": [