diff --git a/clusters/banker.json b/clusters/banker.json
index e247ae3..cb3d66d 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -211,6 +211,9 @@
           "https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan",
           "https://securelist.com/chthonic-a-new-modification-of-zeus/68176/"
         ],
+        "synonyms": [
+          "Chtonic"
+        ],
         "date": "First seen fall of 2014"
       },
       "description": "Chthonic according to Kaspersky is an evolution of Zeus VM.  It uses the same encryptor as Andromeda bot, the same encryption scheme as Zeus AES and Zeus V2 Trojans, and a virtual machine similar to that used in ZeusVM and KINS malware.",
@@ -568,7 +571,7 @@
       "uuid": "f93acc85-8d2c-41e0-b0c5-47795b8c6194"
     }
   ],
-  "version": 7,
+  "version": 8,
   "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
   "description": "A list of banker malware.",
   "authors": [
diff --git a/clusters/tool.json b/clusters/tool.json
index 59baa59..500f0ac 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -11,7 +11,7 @@
   ],
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 63,
+  "version": 64,
   "values": [
     {
       "meta": {
@@ -1704,15 +1704,6 @@
       "value": "DownRage",
       "uuid": "ab5c4362-c369-4c78-985d-04ba1226ea32"
     },
-    {
-      "meta": {
-        "refs": [
-          "https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan"
-        ]
-      },
-      "value": "Chthonic",
-      "uuid": "783f61a1-8210-4145-b801-53f71b909ebf"
-    },
     {
       "value": "GeminiDuke",
       "description": "GeminiDuke is malware that was used by APT29 from 2009 to 2012.",