diff --git a/clusters/tool.json b/clusters/tool.json
index ee22f1d..2396114 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
   ],
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 53,
+  "version": 54,
   "values": [
     {
       "meta": {
@@ -3726,6 +3726,16 @@
           "http://blog.jpcert.or.jp/.s/2018/03/malware-tscooki-7aa0.html"
         ]
       }
+    },
+    {
+      "value": "Exforel",
+      "description":  "Exforel backdoor malware, VirTool:WinNT/Exforel.A, backdoor implemented at the Network Driver Interface Specification (NDIS) level.",
+      "meta": {
+        "refs": [
+          "http://news.softpedia.com/news/Exforel-Backdoor-Implemented-at-NDIS-Level-to-Be-More-Stealthy-Experts-Say-313567.shtml"
+        ]
+      },
+      "uuid": "3119554e-236e-11e8-ae2e-b7063732fd07"
     }
   ]
 }