tryto fix duplicate

clusters/threat-actor.json

@@ -2111,16 +2111,15 @@
         "cfr-type-of-incident": "Espionage",
         "country": "IR",
         "refs": [
-          "http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf",
-          "https://www.secureworks.com/research/the-curious-case-of-mia-ash",
-          "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
-          "https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
           "https://www.cfr.org/interactive/cyber-operations/magic-hound",
+          "https://www.secureworks.com/research/the-curious-case-of-mia-ash",
+          "https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
+          "http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf",
+          "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
           "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf",
           "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing",
           "https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/",
           "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations",
-          "https://www.secureworks.com/research/the-curious-case-of-mia-ash",
           "https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/",
           "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf",
           "https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
@@ -2134,7 +2133,6 @@
           "2889",
           "TG-2889",
           "Cobalt Gypsy",
-          "Ghambar",
           "Rocket_Kitten",
           "Cutting Kitten",
           "Group 41",
@@ -2897,15 +2895,15 @@
         "refs": [
           "https://threatpost.com/operation-blockbuster-coalition-ties-destructive-attacks-to-lazarus-group/116422/",
           "https://www.us-cert.gov/ncas/alerts/TA17-164A",
-          "https://securelist.com/lazarus-under-the-hood/77908/",
-          "http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf",
-          "https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity",
           "https://www.us-cert.gov/ncas/alerts/TA17-318A",
           "https://www.us-cert.gov/ncas/alerts/TA17-318B",
+          "https://securelist.com/operation-applejeus/87553/",
+          "https://securelist.com/lazarus-under-the-hood/77908/",
+          "https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity",
+          "http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf",
           "https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/",
           "https://www.cfr.org/interactive/cyber-operations/lazarus-group",
           "https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret",
-          "https://securelist.com/operation-applejeus/87553/",
           "https://www.cfr.org/interactive/cyber-operations/compromise-cryptocurrency-exchanges-south-korea",
           "https://www.bleepingcomputer.com/news/security/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack/",
           "https://content.fireeye.com/apt/rpt-apt38",
@@ -2920,17 +2918,15 @@
           "https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/",
           "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/",
           "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/",
-          "https://securelist.com/operation-applejeus/87553/",
+          "https://www.us-cert.gov/ncas/analysis-reports/AR19-129A",
           "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/",
           "https://securelist.com/cryptocurrency-businesses-still-being-targeted-by-lazarus/90019/",
           "https://www.theregister.co.uk/2019/04/10/lazarus_group_malware/",
-          "https://www.us-cert.gov/ncas/analysis-reports/AR19-129A",
           "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf",
           "https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and",
           "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations",
           "https://www.kaspersky.com/about/press-releases/2017_chasing-lazarus-a-hunt-for-the-infamous-hackers-to-prevent-large-bank-robberies",
           "https://medium.com/threat-intel/lazarus-attacks-wannacry-5fdeddee476c",
-          "https://content.fireeye.com/apt/rpt-apt38",
           "https://attack.mitre.org/groups/G0032/",
           "https://threatpost.com/lazarus-apt-spinoff-linked-to-banking-hacks/124746/",
           "https://www.symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-korea-take-over-computers",
@@ -5545,7 +5541,6 @@
           "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html",
           "https://www.recordedfuture.com/chinese-threat-actor-tempperiscope/",
           "https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html",
-          "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html",
           "https://attack.mitre.org/groups/G0065/"
         ],
         "synonyms": [