diff --git a/clusters/tool.json b/clusters/tool.json
index 7ff7bb7..7bb01ec 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8,14 +8,11 @@
                     "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/112/pulling-the-plug-on-plugx"
                 ],
                 "synonyms" : [ 
-                    "W32/Backdoor.FSZO-5117", 
-                    "Gen:Trojan.Heur.JP.juW@ayZZvMb", 
+                    "Backdoor.FSZO-5117", 
+                    "Trojan.Heur.JP.juW@ayZZvMb", 
                     "Trojan.Inject1.6386", 
-                    "Win32/Korplug.A", 
-                    "Trojan.Win32.Korplug", 
-                    "Backdoor/Win32.Plugx", 
-                    "Backdoor.Win32.Agent.dhwf", 
-                    "W32/Korplug.CH!tr"
+                    "Korplug", 
+                    "Agent.dhwf" 
                 ],
                 "category" : [ 
                     "rat"