diff --git a/clusters/tool.json b/clusters/tool.json
index 5cf06d8..bbc05ee 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -11,7 +11,7 @@
   ],
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 65,
+  "version": 66,
   "values": [
     {
       "meta": {
@@ -4140,6 +4140,16 @@
         ]
       },
       "uuid": "d1e548b8-4793-11e8-8dea-6beff82cac0a"
+    },
+    {
+      "value": "Rubella Macro Builder",
+      "description": "A crimeware kit dubbed the Rubella Macro Builder has recently been gaining popularity among members of a top-tier Russian hacking forum. Despite being relatively new and unsophisticated, the kit has a clear appeal for cybercriminals: it’s cheap, fast, and can defeat basic static antivirus detection.",
+      "meta": {
+        "refs": [
+          "https://www.flashpoint-intel.com/blog/rubella-macro-builder/"
+        ]
+      },
+      "uuid": "b7be6732-4ed5-11e8-8b82-dff39eb7a396"
     }
   ]
 }