diff --git a/clusters/rat.json b/clusters/rat.json
index 963a631..1daa7e8 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -175,11 +175,17 @@
       "meta": {
         "synonyms": [
           "UNRECOM",
-          "UNiversal REmote COntrol Multi-Platform"
+          "UNiversal REmote COntrol Multi-Platform",
+          "Frutas",
+          "AlienSpy",
+          "Unrecom",
+          "Jsocket",
+          "JBifrost"
         ],
         "refs": [
           "https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf",
-          "https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml"
+          "https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml",
+          "https://blog.fortinet.com/2016/08/16/jbifrost-yet-another-incarnation-of-the-adwind-rat"
         ]
       },
       "description": "Backdoor:Java/Adwind is a Java archive (.JAR) file that drops a malicious component onto the machines and runs as a backdoor. When active, it is capable of stealing user information and may also be used to distribute other malware. ",