diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index 15b7fab..08dcd61 100644
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -322,7 +322,7 @@
 },
 {
 "value": "GrandSoft",
- "description": "GrandSoft Exploit Kit was a quite common exploit kit used in 2012/2013",
+ "description": "GrandSoft Exploit Kit was a quite common exploit kit used in 2012/2013. Disappeared between march 2014 and September 2017",
 "meta": {
 "refs": [
 "http://malware.dontneedcoffee.com/2013/09/FinallyGrandSoft.html",
@@ -333,7 +333,7 @@
 "StampEK",
 "SofosFO"
 ],
- "status": "Retired - Last seen: 2014-03"
+ "status": "Active"
 }
 },
 {
@@ -497,7 +497,7 @@
 },
 {
 "value": "Sakura",
- "description": "Description Here",
+ "description": "Sakura Exploit Kit appeared in 2012 and was adopted by several big actor",
 "meta": {
 "refs": [
 "http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html"
@@ -505,6 +505,17 @@
 "status": "Retired - Last seen: 2013-09"
 }
 },
+ {
+ "value": "SPL",
+ "description": "SPL exploit kit was mainly seen in 2012/2013 most often associated with ZeroAccess and Scareware/FakeAV",
+ "meta": {
+ "refs": ["http://www.malwaresigs.com/2012/12/05/spl-exploit-kit/"],
+ "status": "Retired - Last seen: 2015-04",
+ "synonyms": ["SPL_Data",
+ "SPLNet",
+ "SPL2"],
+ }
+ },
 {
 "value": "Sundown",
 "description": "Sundown Exploit Kit is mainly built out of stolen code from other exploit kits",
@@ -570,7 +581,7 @@
 }
 }
 ],
- "version": 5,
+ "version": 6,
 "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
 "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
 "authors": [
diff --git a/clusters/tds.json b/clusters/tds.json
index 4e72a3c..6432908 100644
--- a/clusters/tds.json
+++ b/clusters/tds.json
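Review bot: In clusters/exploit-kit.json the GrandSoft `status` flips from retired to `"Active"` (hunk at -333), but neither that hunk nor the description hunk at -322 adds a reference for the kit's return, and the new description only says it "Disappeared between march 2014 and September 2017" without stating that it came back. The `refs` list is only partly visible in these hunks, so this may already be covered; if it is not, add the source documenting the 2017 reappearance to `refs` and close the description with something like `Reappeared in September 2017`. Consumers that prioritise on `status` need that evidence to be traceable from the entry itself.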
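Review bot: The new SPL entry in clusters/exploit-kit.json (hunk at -505) is not valid JSON: the line `"SPL2"],` leaves a trailing comma before the closing `}` of `meta`, which strict parsers reject, so the whole cluster file would fail to load rather than just this entry. Drop the comma (`"SPL2"]`) and, for consistency with the neighbouring entries, write `refs` and `synonyms` one element per line. A JSON lint pass over the cluster files before merge (for example `python3 -m json.tool`) would catch this class of error.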
@@ -12,6 +12,18 @@
 ]
 }
 },
+ {
+ "value": "BlackTDS",
+ "description": "BlackTDS is mutualised TDS advertised underground since end of December 2017",
+ "meta": {
+ "refs": [
+ "https://blacktds[.com/"
+ ],
+ "type": [
+ "Underground"
+ ]
+ }
+ },
 {
 "value": "ShadowTDS",
 "description": "ShadowTDS is advertised underground since 2016-02. It's in fact more like a Social Engineering kit focused on Android and embedding a TDS",
@@ -91,7 +103,7 @@
 }
 }
 ],
- "version": 2,
+ "version": 3,
 "uuid": "ab5fffaa-c5f6-11e6-9d9d-cec0c932ce01",
 "description": "TDS is a list of Traffic Direction System used by adversaries",
 "authors": [
diff --git a/tools/gen.sh b/tools/gen.sh
index 4ed308a..b3f75be 100644
--- a/tools/gen.sh
+++ b/tools/gen.sh
@@ -1,5 +1,5 @@
 python3 adoc_galaxy.py >a.txt
-asciidoctor a.txt
+asciidoctor -a allow-uri-read a.txt
 asciidoctor-pdf -a allow-uri-read a.txt
 cp a.html ../../misp-website/galaxy.html
 cp a.pdf ../../misp-website/galaxy.pdf
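Review bot: The only reference for the new BlackTDS entry in clusters/tds.json (hunk at -12), `"https://blacktds[.com/"`, is defanged with an unbalanced bracket, so it is neither a valid URL nor the usual `[.]` form that refanging tools recognise. If the intent is to keep generated documentation from linking to the service itself, use the conventional form `https://blacktds[.]com/`; the other `refs` visible in this commit hold plain URLs, so consumers that validate the field as a URI may reject it either way. An independent write-up as an additional reference would let readers verify the entry without visiting the advertised site.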
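Review bot: In tools/gen.sh, `-a allow-uri-read` on the HTML build lets asciidoctor fetch remote content referenced from a.txt at build time, and a.txt is generated by adoc_galaxy.py, presumably from the contributed cluster JSON. Whether field text can reach the document unescaped depends on that script, which is not shown, so it is worth confirming before the output is copied to the website. I would record the reason next to the flag, e.g. `# allow-uri-read: required for <reason>; a.txt is generated from cluster JSON`. The script also has no `set -e`, so a failed generation step still runs both builds and the `cp` lines on partial or empty output; adding `set -e` as the first line would stop that from being published.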