diff --git a/clusters/tool.json b/clusters/tool.json
index f1d56b2..f470296 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2,7 +2,7 @@
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "name": "Tool",
   "source": "MISP Project",
-  "version": 72,
+  "version": 73,
   "values": [
     {
       "meta": {
@@ -4262,6 +4262,16 @@
           "https://www.us-cert.gov/ncas/alerts/TA18-149A"
         ]
       }
+    },
+    {
+      "uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7",
+      "value": "PLEAD",
+      "description": "PLEAD has two kinds – RAT (Remote Access Tool) and downloader. The RAT operates based on commands that are provided from C&C servers. On the other hand, PLEAD downloader downloads modules and runs it on memory in the same way as TSCookie does.",
+      "meta": {
+        "refs": [
+          "https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html"
+        ]
+      }
     }
   ],
   "authors": [