diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 52a55d7..27a3e18 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -45,7 +45,14 @@
           "https://en.wikipedia.org/wiki/PLA_Unit_61398",
           "http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf",
           "https://www.cfr.org/interactive/cyber-operations/pla-unit-61398",
-          "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf"
+          "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf",
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a-new-targeted-attack-awakens/",
+          "https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html",
+          "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/",
+          "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf",
+          "https://www.symantec.com/connect/blogs/apt1-qa-attacks-comment-crew",
+          "https://attack.mitre.org/groups/G0006/",
+          "https://www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html"
         ],
         "synonyms": [
           "Comment Panda",
@@ -58,7 +65,9 @@
           "TG-8223",
           "Comment Group",
           "Brown Fox",
-          "GIF89a"
+          "GIF89a",
+          "ShadyRAT",
+          "Shanghai Group"
         ]
       },
       "related": [
@@ -4606,7 +4615,9 @@
           "https://blog.domaintools.com/2017/03/hunt-case-study-hunting-campaign-indicators-on-privacy-protected-attack-infrastructure/",
           "http://www.clearskysec.com/copykitten-jpost/",
           "http://www.clearskysec.com/tulip/",
-          "https://www.cfr.org/interactive/cyber-operations/copykittens"
+          "https://www.cfr.org/interactive/cyber-operations/copykittens",
+          "https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf",
+          "https://attack.mitre.org/groups/G0052/"
         ],
         "synonyms": [
           "Slayer Kitten"
@@ -5243,7 +5254,8 @@
         "attribution-confidence": "50",
         "country": "LB",
         "refs": [
-          "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+          "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "https://attack.mitre.org/groups/G0070/"
         ]
       },
       "uuid": "3d449c83-4426-431a-b06a-cb4f8a0fca94",