diff --git a/MANIFEST.json b/MANIFEST.json
index 3879143..8e84d1f 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -1,5 +1,5 @@
 {
-  "version": "20161219",
+  "version": "20170104",
   "license": "CC-0",
   "description": "Manifest file of MISP taxonomies available.",
   "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
@@ -156,14 +156,9 @@
       "version": 1
     },
     {
-      "description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.",
-      "name": "targeted-threat-index",
-      "version": 1
-    },
-    {
-      "description": "Representation of the behavior or modus operandi of cyber adversaries (a.k.a TTP) as normalized in STIX",
-      "name": "stix-ttp",
-      "version": 1
+      "description": "Tags provided by RiskIQ's PassiveTotal service",
+      "name" : "passivetotal",
+      "version" : 1
     }
   ]
 }
diff --git a/passivetotal/machinetag.json b/passivetotal/machinetag.json
new file mode 100644
index 0000000..a718f0d
--- /dev/null
+++ b/passivetotal/machinetag.json
@@ -0,0 +1,86 @@
+{
+    "namespace" : "passivetotal",
+    "expanded"  : "PassiveTotal",
+    "description": "Tags from RiskIQ's PassiveTotal service",
+    "version"   : 1,
+    "predicates": [
+        {
+            "value" : "sinkholed",
+            "expanded": "Sinkhole Status"
+        },
+        {
+            "value" : "ever-comprimised",
+            "expanded" : "Ever Comprimised?"
+        },
+        {
+            "value" : "class",
+            "expanded" : "Classification"
+        },
+        {
+            "value" : "dynamic-dns",
+            "expanded": "Dynamic DNS"
+        }
+    ],
+    "values" : [
+        { 
+            "predicate" : "sinkholed",
+            "entry" : [
+                { 
+                    "value" : "yes",
+                    "expanded": "Yes"
+                },
+                {
+                    "value" : "no",
+                    "expanded" : "No"
+                }
+            ]
+        },
+        {
+            "predicate" : "ever-comprimised",
+            "entry" : [
+                { 
+                    "value" : "yes",
+                    "expanded": "Yes"
+                },
+                {
+                    "value" : "no",
+                    "expanded" : "No"
+                }
+            ]
+        },
+        {
+            "predicate" : "dynamic-dns",
+            "entry" : [
+                {
+                    "value" : "yes",
+                    "expanded": "Yes"
+                },
+                {
+                    "value" : "no",
+                    "expanded" : "No"
+                }
+            ]
+        },
+        {
+            "predicate" : "class",
+            "entry" : [
+                {
+                    "value" : "malicious",
+                    "expanded" : "Malicious"
+                },
+                {
+                    "value" : "suspicious",
+                    "expanded": "Malicious"
+                },
+                {
+                    "value": "non-malicious",
+                    "expanded": "Non Malicious"
+                },
+                {
+                    "value" : "unknown",
+                    "expanded" : "Unknown"
+                }
+            ]
+        }
+    ]
+}