diff --git a/clusters/stealer.json b/clusters/stealer.json
index 117d4f8..3627bfe 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -76,7 +76,19 @@
 },
 "uuid": "f3413f6c-5c3a-4df0-bbb5-2dbdf4d68c4c",
 "value": "Ave Maria"
+ },
+ {
+ "description": "A cryptocurrency-stealing malware distributed through Telegram",
+ "meta": {
+ "date": "April 2021.",
+ "refs": [
+ "https://decoded.avast.io/romanalinkeova/hackboss-a-cryptocurrency-stealing-malware-distributed-through-telegram/",
+ "https://github.com/avast/ioc/tree/master/HackBoss"
+ ]
+ },
+ "uuid": "ebc1c15d-3e27-456e-9473-61d92d91bda8",
+ "value": "HackBoss"
 }
 ],
- "version": 7
+ "version": 8
 }
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index cbe8fb4..c09f5d0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8842,7 +8842,20 @@
 },
 "uuid": "2dd31182-bae1-48ed-8bb3-805a3df89783",
 "value": "Gelsemium"
+ },
+ {
+ "description": "Mentioned as operator of TriumphLoader and Matanbuchus",
+ "meta": {
+ "refs": [
+ "https://unit42.paloaltonetworks.com/matanbuchus-malware-as-a-service/"
+ ],
+ "synonyms": [
+ "Matanbuchus"
+ ]
+ },
+ "uuid": "e7aff414-fc21-43eb-ad5d-9a46e07be9f5",
+ "value": "BelialDemon"
 }
 ],
- "version": 204
+ "version": 205
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index d4600aa..b81a6d5 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
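Review bot: In clusters/stealer.json the new HackBoss entry stores `"date": "April 2021."` as free text with a trailing full stop, which is awkward for any consumer that sorts or filters clusters by date. Unless the galaxy already fixes a different convention, a year-month form such as `"date": "2021-04"` would be easier to parse. The same applies to `"date": "Feb 2021."` on the Matanbuchus entry in the clusters/tool.json hunk of this commit.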
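Review bot: In clusters/threat-actor.json the BelialDemon entry lists `"Matanbuchus"` under `synonyms`, but the entry's own description and the clusters/tool.json hunk of this commit treat Matanbuchus as a loader the actor operates, not as another name for the actor. Consumers that match on synonyms would presumably resolve a Matanbuchus tag to the actor cluster, which blurs a tool sighting with attribution. I would drop the synonym and link the two clusters instead, e.g. `"related": [{"dest-uuid": "2214b113-6942-494f-94b7-576e74fccdb5", "type": "uses"}]` on the actor entry (check the exact shape against the repository's schema). TriumphLoader is named in the description but has no cluster or reference visible in this diff.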
@@ -8412,7 +8412,21 @@
 ],
 "uuid": "1422b81c-a3c6-4229-8523-82d705400f46",
 "value": "Sibot"
+ },
+ {
+ "description": "Matanbuchus is a loader promoted by BelialDemon. It can launch an EXE or DLL file in memory, leverage schtasks.exe to add or modify task schedules, and launch custom PowerShell commands, among other capabilities. Attackers use a Microsoft Excel document as the initial vector to drop the Matanbuchus Loader DLL.",
+ "meta": {
+ "date": "Feb 2021.",
+ "refs": [
+ "https://unit42.paloaltonetworks.com/matanbuchus-malware-as-a-service/"
+ ],
+ "type": [
+ "Loader"
+ ]
+ },
+ "uuid": "2214b113-6942-494f-94b7-576e74fccdb5",
+ "value": "Matanbuchus"
 }
 ],
- "version": 145
+ "version": 146
 }