diff --git a/clusters/tool.json b/clusters/tool.json
index 132ec37..871539e 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -3806,6 +3806,15 @@
           "https://www.csoonline.com/article/2132422/malware-cybercrime/cyberespionage-malware--miniflame--discovered.html"
         ]
       }
+    },
+    {
+      "value": "GHOTEX",
+      "description": "PE_GHOTEX.A-O is a portable executable (PE is the standard executable format for 32-bit Windows files) virus. PE viruses infect executable Windows files by incorporating their code into these files such that they are executed when the infected files are opened.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/vinfo/dk/threat-encyclopedia/archive/malware/pe_ghotex.a-o"
+        ]
+      }
     }
   ]
 }