diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index 4a64b2f..c96105e 100755
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -101,6 +101,20 @@
 		"status": "Active"
        }
     }
+,
+    { "value": "MWI",
+      "description": "Microsoft Word Intruder is an exploit kit focused on Word and embedded flash exploits. The author wants to avoid their customer to use it in mass spam campaign, so it's most often connected to semi-targeted attacks",
+      "meta": {
+        "refs": [
+          "https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html",
+          "https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-microsoft-word-intruder-revealed.pdf"
+        ],
+       "synonyms": [
+          ""
+        ],
+		"status": "Active"
+       }
+    }
 ,
     { "value": "Neutrino",
       "description": "Neutrino Exploit Kit has been one of the major exploit kit from its launch in 2013 till september 2016 when it become private (defense name for this variation is Neutrino-v). This EK vanished from  march 2014 till november 2014.",