diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index 66bffc5..2ba27cf 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -8,7 +8,9 @@
 "value": "MSUpdater"
 },
 {
- "value": "Poison Ivy"
+ "value": "Poison Ivy",
+ "description": "Poison Ivy is a RAT which was freely available and first released in 2005.",
+ "refs": ["https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf"]
 },
 {
 "value": "Torn RAT"
@@ -103,6 +105,28 @@
 "value": "AlienSpy",
 "description": "RAT for Apple OS X platforms"
 },
+ {
+ "value": "Gh0st Rat",
+ "description": "Gh0st Rat is a well-known Chinese remote access trojan which was originally made by C.Rufus Security Team several years ago.",
+ "synonyms": ["Gh0stRat, GhostRat"],
+ "refs": ["http://download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf"]
+ },
+ {
+ "value": "Fakem RAT",
+ "description": "Fakem RAT makes their network traffic look like well-known protocols (e.g. Messenger traffic, HTML pages). ",
+ "synonyms": ["FAKEM"],
+ "refs": ["http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf"]
+ },
+ {
+ "value": "MFC Huner",
+ "synonyms": ["Hupigon", "BKDR_HUPIGON"],
+ "refs": ["http://blog.trendmicro.com/trendlabs-security-intelligence/japan-us-defense-industries-among-targeted-entities-in-latest-attack/"]
+ },
+ {
+ "value": "Blackshades",
+ "description": "Blackshades Remote Access Tool targets Microsoft Windows operating systems. Authors were arrested in 2012 and 2014.",
+ "refs": ["https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-and-fbi-assistant-director-charge-announce-charges-connection","https://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-2-blackshades-net/"]
+ },
 {
 "value": "CORESHELL"
 },
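Review bot: In the second hunk the `synonyms` array added for Gh0st Rat holds a single string, `"Gh0stRat, GhostRat"`, so any consumer that matches reports or detections against individual synonyms will find neither name; it should be two elements, `"synonyms": ["Gh0stRat", "GhostRat"]`. The value `"MFC Huner"` looks like a misspelling of "MFC Hunter" and should be confirmed against the referenced Trend Micro post; that entry is also the only new one without a `description`. The Fakem RAT description ends with a stray space before the closing quote (`HTML pages). "`), which is worth trimming so exact-string comparisons and diffs stay clean. Three of the new `refs` use plain `http://` URLs; where the publisher serves the same document over `https://`, prefer that form so analysts following the link fetch it over an authenticated channel.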