diff --git a/clusters/botnet.json b/clusters/botnet.json
index dd9f867..df6dea5 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1364,7 +1364,26 @@
       ],
       "uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
       "value": "Qbot"
+    },
+    {
+      "description": "This malware is characterized by alternative DNS connections and connects to several *.lib domains using custom DNS servers.",
+      "meta": {
+        "refs": [
+          "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "variant-of"
+        }
+      ],
+      "uuid": "505c6a54-a701-4a4b-85d4-0f2038b7b46a",
+      "value": "Dark.IoT"
     }
   ],
-  "version": 27
+  "version": 28
 }