diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index f7beeab..006b21d 100755
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -10,7 +10,7 @@
        "synonyms": [
           "Stegano EK"
         ],
-		"status": "Active"
+		"status": "Unknown - Last Seen 2016-12-07"
        }
     }
 ,
@@ -52,7 +52,7 @@
           "RIG-E"
         ]
 	   ,
-		"status": "Active"
+		"status": "Unknown - Last seen: 2016-12-29"
        }
     }
 ,
@@ -121,7 +121,7 @@
        "synonyms": [
           "Job314",
           "Neutrino Rebooted",
-		  "Neutrino-v"
+          "Neutrino-v"
         ]		
 		,
 		"status": "Active"
@@ -140,7 +140,8 @@
        "synonyms": [
           "RIG 3",
 		  "RIG-v",
-		  "RIG 4"
+		  "RIG 4",
+		  "Meadgive"
         ],
 		"status": "Active"
        }
@@ -194,7 +195,7 @@
        "synonyms": [
           "Beps",
           "Xer",
-		  "Beta"
+          "Beta"
         ],
 		"status": "Active",
 		"colour": "#C03701"
@@ -211,7 +212,8 @@
         ],
        "synonyms": [
           "XXX",
-          "AEK"
+          "AEK",
+          "Axpergle"
         ],
 		"status": "Retired - Last seen: 2016-06-07"
        }
@@ -281,7 +283,8 @@
           "http://www.kahusecurity.com/2011/neosploit-is-back/"
         ],
        "synonyms": [
-          "NeoSploit"
+          "NeoSploit",
+          "Fiexp"
         ]
 		,
 		"status": "Retired - Last Seen: beginning of 2015-07"
@@ -409,7 +412,8 @@
        "synonyms": [
           "NEK",
           "Nuclear Pack",
-		  "Spartan"
+		  "Spartan",
+		  "Neclu"
         ]		,
 		"status": "Retired - Last seen: 2015-04-30"
        }
@@ -449,7 +453,7 @@
         "refs": [
           "https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Wild-Exploit-Kit-Appears----Meet-RedKit/",
           "http://malware.dontneedcoffee.com/2012/05/inside-redkit.html",
-		  "https://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/"
+          "https://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/"
         ],
 		"status": "Retired"
        }
@@ -472,7 +476,8 @@
           "http://malware.dontneedcoffee.com/2012/12/juice-sweet-orange-2012-12.html"
         ],
        "synonyms": [
-          "SWO"
+          "SWO",
+          "Anogre"
         ],
 		"status": "Retired - Last seen: 2015-04-05"
        }
@@ -483,7 +488,7 @@
       "meta": {
         "refs": [
           "http://malware.dontneedcoffee.com/2012/12/crossing-styx-styx-sploit-pack-20-cve.html",
-		  "https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto/",
+          "https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto/",
           "http://malware.dontneedcoffee.com/2013/05/inside-styx-2013-05.html"
         ],
 		"status":"Retired - Last seen: 2014-06"
@@ -495,13 +500,13 @@
       "meta": {
         "refs": [
           "https://twitter.com/kafeine",
-		  "https://twitter.com/node5",
+          "https://twitter.com/node5",
           "https://twitter.com/kahusecurity"
         ]
        }
     }
 ],
-  "version": 2,
+  "version": 3,
   "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
   "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
   "authors": [
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index c802220..28608c2 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -859,6 +859,10 @@
     {
       "description": "GNL Locker; .zyklon; ",
       "value": "Zyklon"
+    },
+    {
+      "description": "AES; ",
+      "value": "Erebus"
     }
   ],
   "source": "https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml"