From 6b1142abac26ae4a2b83592994f30d250c442084 Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Mon, 23 Dec 2019 22:05:28 +0530
Subject: [PATCH] Update threat-actor.json

---
 clusters/threat-actor.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d503658..3f70e03 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1604,14 +1604,14 @@
         "country": "CN",
         "refs": [
           "http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/",
-          "https://www.fox-it.com/nl/actueel/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
+          "https://www.fox-it.com/nl/actueel/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/",
+          "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/Aug.10.The_Italian_Connection_An_analysis_of_exploit_supply_chains_and_digital_quartermasters/HTExploitTelemetry.pdf"
         ],
         "synonyms": [
           "APT20",
           "APT 20",
-          "APT8",
-          "APT 8",
-          "TH3Bug"
+          "TH3Bug",
+          "Twivy"
         ]
       },
       "uuid": "8bcd855f-a4c1-453a-bede-ff36582f4f40",