diff --git a/clusters/tool.json b/clusters/tool.json
index 04a8e659..6988a9ce 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1147,9 +1147,16 @@
       },
       "description": "Also known as “BaneChant”, MM Core is a file-less APT which is executed in memory by a downloader component. It was first reported in 2013 under the version number “2.0-LNK” where it used the tag “BaneChant” in its command-and-control (C2) network request. A second version “2.1-LNK” with the network tag “StrangeLove” was discovered shortly after.",
       "value": "MM Core"
+    },
+    {
+       "meta": {
+         "refs": ["https://en.wikipedia.org/wiki/Shamoon"]
+       },
+       "description": "Shamoon,[a] also known as Disttrack, is a modular computer virus discovered by Seculert[1] in 2012, targeting recent NT kernel-based versions of Microsoft Windows. The virus has been used for cyber espionage in the energy sector.[2][3][4] Its discovery was announced on 16 August 2012 by Symantec,[3] Kaspersky Lab,[5] and Seculert.[6] Similarities have been highlighted by Kaspersky Lab and Seculert between Shamoon and the Flame malware.[5][6]",
+       "value": "Shamoon"
     }
   ],
-  "version": 11,
+  "version": 12,
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "author": [