diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index 322b352..18703e6 100755
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -24,6 +24,21 @@
 },
 "uuid": "e9ca60cd-94fc-4a54-ac98-30e675a46b3e",
 "value": "Astrum"
+ },
+ {
+ "description": "Underminer EK is an exploit kit that seems to be used privately against users in Asia. Functionalities: browser profiling and filtering, preventing of client revisits, URL randomization, and asymmetric encryption of payloads.",
+ "meta": {
+ "refs": [
+ "https://blog.trendmicro.com/trendlabs-security-intelligence/new-underminer-exploit-kit-delivers-bootkit-and-cryptocurrency-mining-malware-with-encrypted-tcp-tunnel/",
+ "http://bobao.360.cn/interref/detail/248.html"
+ ],
+ "status": "Active",
+ "synonyms": [
+ "Underminer EK"
+ ]
+ },
+ "uuid": "49492577-62dd-491d-95d4-92a47adbd98a",
+ "value": "Underminer"
 },
 {
 "description": "Bingo EK is the name chosen by the defense for a Fiesta-ish EK first spotted in March 2017 and targetting at that times mostly Russia",
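Review bot: The new `description` for Underminer covers only the delivery-side features and omits what the kit drops, which is what an analyst triaging a hit on this cluster needs first. Judging by the title of the first reference, that is a bootkit and cryptocurrency-mining malware delivered over an encrypted TCP tunnel. Consider appending a sentence such as `Delivers a bootkit and a cryptocurrency miner over an encrypted TCP tunnel.` to the description. The second entry in `refs` is a plain `http://` link; if the site serves the same page over HTTPS, prefer that form so the reference cannot be altered in transit. The enclosing array and the Bingo entry continue outside the hunk.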