diff --git a/clusters/tool.json b/clusters/tool.json
index cb1687a..7ff7bb7 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -199,10 +199,14 @@
       "description": "We recently came across a cyber attack that used a remote access Trojan (RAT) called Lost Door, a tool currently offered on social media sites. What also struck us the most about this RAT (detected as BKDR_LODORAT.A) is how it abuses the Port Forward feature in routers.",
       "meta": {
         "synonyms": [
-          "LostDoor RAT"
+          "LostDoor RAT",
+          "BKDR_LODORAT"
         ],
         "refs": [
           "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/"
+        ],
+        "category": [
+            "rat"
         ]
       }
     },
@@ -210,10 +214,14 @@
       "value": "njRAT",
       "meta": {
         "synonyms": [
-          "Bladabindi"
+          "Bladabindi",
+          "Jorik"
         ],
         "refs": [
           "http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"
+        ],
+        "category": [
+            "rat"
         ]
       }
     },
@@ -221,10 +229,14 @@
       "value": "NanoCoreRAT",
       "meta": {
         "synonyms": [
-          "NanoCore"
+          "NanoCore",
+          "Nancrat",
+          "Zurten",
+          "Atros2.CKPN" 
         ],
         "refs": [
-          "http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter"
+          "http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter",
+          "https://nanocore.io/"
         ]
       }
     },