diff --git a/clusters/tool.json b/clusters/tool.json
index 336953e..4638ca4 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
 ],
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
- "version": 28,
+ "version": 29,
 "values": [
 {
 "meta": {
@@ -2614,6 +2614,98 @@
 },
 "description": "HackingTeam Remote Control System (RCS) Galileo hacking platform",
 "value": "RCS Galileo"
+ },
+ {
+ "description": "RedHat 7.0 - 7.1 Sendmail 8.11.x exploit",
+ "value": "EARLYSHOVEL"
+ },
+ {
+ "description": "root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86",
+ "value": "EBBISLAND (EBBSHAVE)"
+ },
+ {
+ "description": "remote Samba 3.0.x Linux exploit",
+ "value": "ECHOWRECKER"
+ },
+ {
+ "description": "appears to be an MDaemon email server vulnerability",
+ "value": "EASYBEE"
+ },
+ {
+ "description": "an IBM Lotus Notes exploit that gets detected as Stuxnet",
+ "value": "EASYPI"
+ },
+ {
+ "description": "an exploit for IBM Lotus Domino 6.5.4 & 7.0.2",
+ "value": "EWOKFRENZY"
+ },
+ {
+ "description": "an IIS 6.0 exploit that creates a remote backdoor",
+ "value": "EXPLODINGCAN"
+ },
+ {
+ "description": "a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010)",
+ "value": "ETERNALROMANCE"
+ },
+ {
+ "description": "a SMB exploit (MS09-050)",
+ "value": "EDUCATEDSCHOLAR"
+ },
+ {
+ "description": "a SMB exploit for Windows XP and Server 2003 (MS10-061)",
+ "value": "EMERALDTHREAD"
+ },
+ {
+ "description": "a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2",
+ "value": "EMPHASISMINE"
+ },
+ {
+ "description": "Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users",
+ "value": "ENGLISHMANSDENTIST"
+ },
+ {
+ "description": "0-day exploit (RCE) for Avaya Call Server",
+ "value": "EPICHERO"
+ },
+ {
+ "description": "SMBv1 exploit targeting Windows XP and Server 2003",
+ "value": "ERRATICGOPHER"
+ },
+ {
+ "description": "a SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010)",
+ "value": "ETERNALSYNERGY"
+ },
+ {
+ "description": "SMBv2 exploit for Windows 7 SP1 (MS17-010)",
+ "value": "ETERNALBLUE"
+ },
+ {
+ "description": "a SMBv1 exploit",
+ "value": "ETERNALCHAMPION"
+ },
+ {
+ "description": "Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers",
+ "value": "ESKIMOROLL"
+ },
+ {
+ "description": "RDP exploit and backdoor for Windows Server 2003",
+ "value": "ESTEEMAUDIT"
+ },
+ {
+ "description": "RCE exploit for the Server service in Windows Server 2008 and later (MS08-067)",
+ "value": "ECLIPSEDWING"
+ },
+ {
+ "description": "exploit for IMail 8.10 to 8.22",
+ "value": "ETRE"
+ },
+ {
+ "description": "an exploit framework, similar to MetaSploit",
+ "value": "FUZZBUNCH"
+ },
+ {
+ "description": "implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors",
+ "value": "ODDJOB"
 }
 ]
 }
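Review bot: The protocol versions in the ETERNALBLUE and ETERNALSYNERGY descriptions ("SMBv2", "SMBv3") conflict with the MS17-010 bulletin both entries cite, which covers the SMBv1 server; an analyst scoping mitigations from this cluster could conclude that disabling SMBv1 does not address them. I would write `"description": "SMBv1 exploit for Windows 7 SP1 (MS17-010)"` for ETERNALBLUE and correct ETERNALSYNERGY the same way, after checking both against the bulletin. Two other bulletin references look off as well: MS08-067 (ECLIPSEDWING) dates from 2008, so "Server 2008 and later" was probably meant as "and earlier", and MS10-061 (EMERALDTHREAD) is, as far as I know, the Print Spooler bulletin rather than an SMB one. All 23 new entries also omit the `meta` object that the neighbouring entries appear to carry (only its opening and closing braces are visible in the context lines), so a `meta` with `refs` pointing to the source of each description would let readers verify these claims.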