diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index cd7a485..78d1c2f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -665,8 +665,7 @@
           "https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/",
           "https://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/",
           "https://www.dw.com/en/bayer-points-finger-at-wicked-panda-in-cyberattack/a-48196004",
-          "https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/",
-          "https://securelist.com/winnti-more-than-just-a-game/37029/",
+          "https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/",,
           "https://401trg.com/burning-umbrella/",
           "https://attack.mitre.org/groups/G0044/",
           "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-july-wicked-spider/"
@@ -2530,29 +2529,28 @@
         "cfr-type-of-incident": "Espionage",
         "country": "RU",
         "refs": [
-          "https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf",
           "https://www.circl.lu/pub/tr-25/",
-          "https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec",
-          "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf",
-          "https://securelist.com/analysis/publications/65545/the-epic-turla-operation/",
-          "https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/",
-          "https://securelist.com/blog/research/67962/the-penquin-turla-2/",
-          "https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf",
-          "https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/",
-          "https://www.cfr.org/interactive/cyber-operations/turla",
-          "https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/",
-          "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/",
-          "http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf",
-          "https://www.kaspersky.com/blog/moonlight-maze-the-lessons/6713/",
-          "https://www.nytimes.com/2010/08/26/technology/26cyber.html",
-          "https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548",
+          "https://securelist.com/introducing-whitebear/81638/",
           "https://securelist.com/the-epic-turla-operation/65545/",
-          "https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.html",
+          "https://www.cfr.org/interactive/cyber-operations/turla",
+          "https://www.nytimes.com/2010/08/26/technology/26cyber.html",
+          "https://securelist.com/blog/research/67962/the-penquin-turla-2/",
+          "https://www.kaspersky.com/blog/moonlight-maze-the-lessons/6713/",
+          "https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf",
+          "https://securelist.com/analysis/publications/65545/the-epic-turla-operation/",
           "https://threatpost.com/linux-modules-connected-to-turla-apt-discovered/109765/",
           "https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/",
           "https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/",
-          "https://securelist.com/introducing-whitebear/81638/",
+          "https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf",
+          "https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548",
           "https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/",
+          "https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/",
+          "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/",
+          "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf",
+          "https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec",
+          "https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/",
+          "http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf",
+          "https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.html",
           "https://unit42.paloaltonetworks.com/unit42-kazuar-multiplatform-espionage-backdoor-api-access/",
           "https://www.engadget.com/2017/06/07/russian-malware-hidden-britney-spears-instagram/",
           "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf",