diff --git a/clusters/rat.json b/clusters/rat.json
index 17f266b..f009463 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -2923,7 +2923,22 @@
       },
       "uuid": "f6447046-f4e8-4977-9cc3-edee74ff0038",
       "value": "Hallaj PRO RAT"
+    },
+    {
+      "value": "NukeSped",
+      "description": "This threat can install other malware on your PC, including Trojan:Win32/NukeSped.B!dha and Trojan:Win32/NukeSped.C!dha. It can show you a warning message that says your files will be made publically available if you don't follow the malicious hacker's commands. \n",
+      "meta": {
+        "refs": [
+          "https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NukeSped-Z.aspx",
+          "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win64/NukeSped&ThreatID=-2147238204",
+          "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/NukeSped!bit&ThreatID=-2147238152",
+          "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/NukeSped",
+          "https://malwarefixes.com/threats/win32nukesped/",
+          "https://www.alienvault.com/forums/discussion/17301/alienvault-labs-threat-intelligence-update-for-usm-anywhere-march-25-march-31-2018"
+        ]
+      },
+      "uuid": "5d0369ee-c718-11e8-b328-035ed1bdca07"
     }
   ],
-  "version": 16
+  "version": 17
 }
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8934153..2958d02 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5901,7 +5901,21 @@
         ]
       },
       "uuid": "dda1b28e-c558-11e8-8666-27cf61d1d7ee"
+    },
+    {
+      "value": "FASTCash",
+      "description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
+      "uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
+      "related": [
+        {
+          "dest-uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        }
+      ]
     }
   ],
-  "version": 67
+  "version": 68
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index bef6595..af7c878 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -5849,7 +5849,21 @@
         ]
       },
       "uuid": "55d29d1c-c550-11e8-9904-47c1d86af7c5"
+    },
+    {
+      "value": "FASTCash",
+      "description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
+      "uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
+      "related": [
+        {
+          "dest-uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        }
+      ]
     }
   ],
-  "version": 89
+  "version": 90
 }