diff --git a/clusters/tool.json b/clusters/tool.json
index 20e942b7..5469aecb 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -15,7 +15,7 @@
 "Agent.dhwf"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
@@ -27,7 +27,7 @@
 "https://www.zscaler.com/pdf/whitepapers/msupdater_trojan_whitepaper.pdfx"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
@@ -39,7 +39,7 @@
 "https://github.com/AlessandroZ/LaZagne"
 ],
 "type": [
- "tool"
+ "HackTool"
 ]
 }
 },
@@ -56,7 +56,7 @@
 "Gen:Trojan.Heur.PT"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
@@ -68,7 +68,7 @@
 "http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
@@ -82,7 +82,7 @@
 "Anchor Panda"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
@@ -97,7 +97,7 @@
 "ozonercp"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
@@ -114,13 +114,13 @@
 "Win32/Zegost.BW"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
 {
 "value": "Elise Backdoor",
- "description": " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
+ "description": "Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
 "meta": {
 "refs": [
 "http://thehackernews.com/2015/08/elise-malware-hacking.html"
@@ -130,7 +130,7 @@
 ],
 "type": [
 "dropper",
- "stealer"
+ "PWS"
 ]
 }
 },
@@ -145,7 +145,7 @@
 "Laziok"
 ],
 "type": [
- "stealer",
+ "PWS",
 "reco"
 ]
 }
@@ -164,8 +164,8 @@
 "Acecard"
 ],
 "type": [
- "spyware",
- "android"
+ "Spyware",
+ "AndroidOS"
 ]
 }
 },
@@ -185,9 +185,9 @@
 "PWOQuery"
 ],
 "type": [
- "dropper",
- "miner",
- "spyware"
+ "Dropper",
+ "Miner",
+ "Spyware"
 ]
 }
 },
@@ -203,7 +203,7 @@
 "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
@@ -218,7 +218,7 @@
 "http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"
 ],
 "type": [
- "rat"
+ "Backdoor"
 ]
 }
 },
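Review bot: Consumers that filter, correlate or tag on the old `type` strings will stop matching without any error once these values are renamed in place, starting at the hunk `@@ -15,7 +15,7 @@` (`rat` → `Backdoor`) and continuing through `tool` → `HackTool` at `@@ -39,7 +39,7 @@` and `stealer` → `PWS` at `@@ -130,7 +130,7 @@` and `@@ -145,7 +145,7 @@`. Nothing visible in the diff records the old-to-new mapping or signals the vocabulary change to readers of the file. If the file carries a version or changelog field outside these hunks, it should be bumped in the same commit, and the mapping (`rat`=`Backdoor`, `tool`=`HackTool`, `stealer`=`PWS`, `android`=`AndroidOS`) stated in the commit description so detection and enrichment rules keyed on `meta.type` can be updated together.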
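Review bot: The new capitalised vocabulary is applied unevenly: in the hunk `@@ -130,7 +130,7 @@` the context line `"dropper",` stays lowercase beside the new `"PWS"`, while the hunk `@@ -185,9 +185,9 @@` changes the same value to `"Dropper"`, and `"reco"` at `@@ -145,7 +145,7 @@` is left in the old style. A case-sensitive lookup on `Dropper` would return the second entry and miss the first, so the context line at 130 should become `"Dropper",` and `reco` should get a name in the new scheme. Judging by the line numbers, the `type` array at 130 appears to belong to the Elise Backdoor entry, whose description calls it a Trojan (RAT); if so, that list probably also wants `"Backdoor"`.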
@@ -234,6 +234,9 @@
 "refs": [
 "http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter",
 "https://nanocore.io/"
+ ],
+ "type": [
+ "Backdoor"
 ]
 }
 },
@@ -242,6 +245,23 @@
 "meta": {
 "synonyms": [
 "Sakurel"
+ ],
+ "refs": [
+ "https://www.secureworks.com/research/sakula-malware-family"
+ ],
+ "type": [
+ "Backdoor"
+ ]
+ }
+ },
+ {
+ "value": "Hi-ZOR",
+ "meta": {
+ "refs": [
+ "http://www.threatgeek.com/2016/01/introducing-hi-zor-rat.html"
+ ],
+ "type": [
+ "Backdoor"
 ]
 }
 },
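Review bot: The new `Hi-ZOR` entry added in the hunk `@@ -242,6 +245,23 @@` has only `value` and `meta`, with no `description`, whereas the Elise Backdoor entry elsewhere in this diff carries one. An analyst who lands on this cluster gets a name, a single `http://` blog link and the generic `Backdoor` type, so the entry loses all context if that link goes away. Add a one-sentence `"description"` summarising what the referenced write-up establishes about the family, and any `synonyms` it names, so that matches on vendor detection names resolve to this entry.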