diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index 2ba27cf..8076895 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -28,6 +28,11 @@
     {
       "value": "Joy RAT"
     },
+    {
+      "value": "njRAT",
+      "synonyms": ["Bladakindi"],
+      "refs": ["http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"]
+    },
     {
       "value": "Sakula",
       "synonyms": ["Sakurel"]
@@ -225,6 +230,138 @@
     },
     {
       "value": "Tdrop2"
+    },
+    {
+      "value": "ZXShell",
+      "synonyms": ["Sensode"],
+      "refs": ["http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html"]
+    },
+    {
+      "value": "T9000",
+      "refs": ["http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/"]
+    },
+    {
+      "value": "T5000",
+      "synonyms": ["Plat1"],
+      "refs": ["http://www.cylance.com/techblog/Grand-Theft-Auto-Panda.shtml"]
+    },
+    {
+      "value": "Taidoor",
+      "refs": ["http://www.symantec.com/connect/blogs/trojantaidoor-takes-aim-policy-think-tanks"]
+    },
+    {
+      "value": "Swisyn",
+      "refs": ["http://labs.alienvault.com/labs/index.php/2013/latest-adobe-pdf-exploit-used-to-target-uyghur-and-tibetan-activists/"]
+    },
+    {
+      "value": "Rekaf",
+      "refs": ["https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"]
+    },
+    {
+      "value": "Scieron"
+    },
+    {
+      "value": "SkeletonKey",
+      "refs": ["http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/"]
+    },
+    {
+      "value": "Skyipot",
+      "refs": ["http://labs.alienvault.com/labs/index.php/2011/another-sykipot-sample-likely-targeting-us-federal-agencies/"]
+    },
+    {
+      "value": "Spindest",
+      "refs": ["http://www.threatconnect.com/news/threatconnect-enables-healthy-networking-biomed-life-sciences-industry/"]
+    },
+    {
+      "value": "Preshin"
+    },
+    {
+      "value": "Rekaf",
+      "refs": ["https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"]
+    },
+    {
+      "value": "Oficla"
+    },
+    {
+      "value": "PCClient RAT",
+      "refs": ["http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/"]
+    },
+    {
+      "value": "Plexor"
+    },
+    {
+      "value": "Mongall",
+      "refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
+    },
+    {
+      "value": "NeD Worm",
+      "refs": ["http://www.clearskysec.com/dustysky/"]
+    },
+    {
+      "value": "NewCT",
+      "refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
+    },
+    {
+      "value": "Nflog",
+      "refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
+    },
+    {
+      "value": "Janicab",
+      "refs": ["http://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/"]
+    },
+    {
+      "value": "Jripbot",
+      "synonyms": ["Jiripbot"],
+      "refs": ["http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/butterfly-corporate-spies-out-for-financial-gain.pdf"]
+    },
+    {
+      "value": "Jolob",
+      "refs": ["http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html"]
+    },
+    {
+      "value": "IsSpace",
+      "refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
+    },
+    {
+      "value": "Hoardy",
+      "synonyms": ["Hoarde", "Phindolp", "BS2005"]
+    },
+    {
+      "value": "Htran",
+      "refs": ["http://www.secureworks.com/research/threats/htran/"]
+    },
+    {
+      "value": "HTTPBrowser",
+      "synonyms": ["TokenControl"],
+      "refs": ["https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop"]
+    },
+    {
+      "value": "Disgufa"
+    },
+    {
+      "value": "Elirks"
+    },
+    {
+      "value": "Emdivi",
+      "synonyms": ["Newsripper"],
+      "refs": ["http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan"]
+    },
+    {
+      "value": "Etumbot",
+      "synonyms": ["Exploz", "Specfix", "RIPTIDE"],
+      "refs": ["www.arbornetworks.com/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf"]
+    },
+    {
+      "value": "Fexel",
+      "synonyms": ["Loneagent"]
+    },
+    {
+      "value": "Fysbis",
+      "refs": ["http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/"]
+    },
+    {
+      "value": "Hikit",
+      "refs": ["https://blog.bit9.com/2013/02/25/bit9-security-incident-update/"]
     }
   ],
   "version" : 1,