diff --git a/clusters/tool.json b/clusters/tool.json
index b4a9d1c..cc6af7f 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -417,9 +417,17 @@
     },
     {
       "value": "Pirpi",
+      "description": "Symantec has observed Buckeye activity dating back to 2009, involving attacks on various organizations in several regions. Buckeye used a remote access Trojan (Backdoor.Pirpi) in attacks against a US organization’s network in 2009. The group delivered Backdoor.Pirpi through malicious attachments or links in convincing spear-phishing emails.",
       "meta": {
+        "synonyms": [
+          "Badey",
+          "EXL"
+        ],
         "refs": [
           "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong"
+        ],
+        "type": [
+          "Backdoor"
         ]
       }
     },