diff --git a/clusters/banker.json b/clusters/banker.json
index f12e8ca..f6c6300 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -165,7 +165,8 @@
       "meta": {
         "refs": [
           "https://www.proofpoint.com/us/threat-insight/post/panda-banker-new-banking-trojan-hits-the-market",
-          "https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf"
+          "https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf",
+          "https://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppers"
         ],
         "synonyms": [
           "Zeus Panda"
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index cccc98b..a66196f 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -8707,6 +8707,17 @@
           "https://objective-see.com/blog/blog_0x25.html"
         ]
       }
+    },
+    {
+      "value": "GandCrab",
+      "description": "A new ransomware called GandCrab was released towards the end of last week that is currently being distributed via exploit kits. GandCrab has some interesting features not seen before in a ransomware, such as being the first to accept the DASH currency and the first to utilize the Namecoin powered .BIT tld. ",
+      "meta": {
+        "date": "January 2018",
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/",
+          "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/"
+        ]
+      }
     }
   ],
   "source": "Various",