diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index 7710501..357f11c 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -456,7 +456,29 @@
     {
       "value": "ShimRAT",
       "refs": ["https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf"]
+    },
+    {
+      "value": "X-Agent",
+      "refs": ["http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/"],
+      "synonyms": ["XAgent"]
+    },
+    {
+      "value": "X-Tunnel",
+      "synonyms": ["XTunnel"]
+    },
+    {
+      "value": "Foozer",
+      "refs": ["https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"]
+    },
+    {
+      "value": "WinIDS",
+      "refs": ["https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"]
+    },
+    {
+      "value": "DownRange",
+      "refs": ["https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"]
     }
+
   ],
   "version" : 1,
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",