diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
new file mode 100644
index 0000000..9772544
--- /dev/null
+++ b/elements/threat-actor-tools.json
@@ -0,0 +1,43 @@
+{
+  "values": [
+    {
+      "value": "PlugX",
+      "description": "Malware"
+    },
+    {
+      "value": "MSUpdater"
+    },
+    {
+      "value": "Poison Ivy"
+    },
+    {
+      "value": "Torn RAT"
+    },
+    {
+      "value": "Joy RAT"
+    },
+    {
+      "value": "Sakula",
+      "synonyms": ["Sakurel"]
+    },
+    {
+      "value": "Derusbi"
+    },
+    {
+      "value": "EvilGrab"
+    },
+    {
+      "value": "IEChecker"
+    },
+    {
+      "value": "Trojan.Naid"
+    },
+    {
+      "value": "Backdoor.Moudoor"
+    }
+  ],
+  "version" : 1,
+  "description": "threat-actor-tools is an enumeration of tools used by adversaries.",
+  "author": ["Alexandre Dulaunoy"],
+  "type": "threat-actor-tools"
+}