diff --git a/clusters/tool.json b/clusters/tool.json
index 69ae9bc..940a094 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7844,7 +7844,19 @@
 },
 "uuid": "a577bb0d-9732-449a-80f7-5e6c93e6046c",
 "value": "Reductor"
+ },
+ {
+ "value": "ProcDump",
+ "description": "Legitimate tool - command-line tool used to monitor a running process and dump memory depending on customcriteria. The attackers use this tool to dump the LSASS process to gatherWINDOWScredentials hashes"
+ },
+ {
+ "value": "CertMig",
+ "description": "Legitimate tool - command-line tool used to import and export certificates on a machine. The attackers use this toolto gather credentials used for VPN authentication to the clients’ networks"
+ },
+ {
+ "value": "Netscan",
+ "description": "Legitimate tool - tool used to scan IPv4/IPv6 networks and remotely execute PowerShell commands."
 }
 ],
- "version": 125
+ "version": 126
 }
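Review bot: The three added entries (ProcDump, CertMig, Netscan) have no `uuid`, while the Reductor entry directly above carries one; if entries in this file are meant to be uniquely addressable, each new object needs its own line such as `"uuid": "<NEW-UUID-V4-PLACEHOLDER>",`, otherwise other records presumably cannot reference them reliably. The descriptions say "The attackers" without naming the actor or the source report, so an analyst reading the cluster cannot tell which activity these tools were tied to, and the Netscan text does not state the observed misuse at all. The description strings also contain fused words (`customcriteria`, `gatherWINDOWScredentials`, `toolto`) that look like copy-paste damage and should be corrected before merge. Since all three are legitimate administration tools, the descriptions should also note that presence alone is not an indicator and that the context of use (for example ProcDump targeting LSASS) is what matters for detection.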