diff --git a/clusters/tool.json b/clusters/tool.json
index 65266f7..0af009d 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2073,9 +2073,22 @@
           "http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/"
         ]
       }
+    },
+    {
+      "meta": {
+        "synonyms": [
+          "Pegasus",
+          "Pegasus spyware"
+        ],
+        "refs": [
+          "https://security.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html"
+        ]
+      },
+      "value": "Chrysaor",
+      "description": "Chrysaor is spyware believed to be created by NSO Group Technologies, specializing in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on iOS and analyzed by Citizen Lab and Lookout."
     }
   ],
-  "version": 26,
+  "version": 27,
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "authors": [