diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 788105b..ba92366 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2499,7 +2499,8 @@
           "https://www.secureworks.com/research/threat-profiles/iron-hemlock",
           "https://attack.mitre.org/groups/G0016",
           "https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/",
-          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf"
+          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf",
+          "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
         ],
         "synonyms": [
           "Group 100",
@@ -2516,7 +2517,8 @@
           "TA421",
           "Blue Kitsune",
           "ITG11",
-          "BlueBravo"
+          "BlueBravo",
+          "UAC-0029"
         ],
         "targeted-sector": [
           "Think Tanks",
@@ -2625,7 +2627,8 @@
           "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
           "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
           "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
-          "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf"
+          "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
+          "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
         ],
         "synonyms": [
           "Snake",
@@ -2649,7 +2652,10 @@
           "Blue Python",
           "SUMMIT",
           "UNC4210",
-          "Secret Blizzard"
+          "Secret Blizzard",
+          "UAC-0144",
+          "UAC-0024",
+          "UAC-0003"
         ],
         "targeted-sector": [
           "Government, Administration",
@@ -2814,7 +2820,8 @@
           "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
           "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
           "https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine",
-          "https://cert.gov.ua/article/405538"
+          "https://cert.gov.ua/article/405538",
+          "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
         ],
         "synonyms": [
           "Quedagh",
@@ -2828,7 +2835,8 @@
           "Blue Echidna",
           "FROZENBARENTS",
           "UAC-0113",
-          "Seashell Blizzard"
+          "Seashell Blizzard",
+          "UAC-0082"
         ],
         "targeted-sector": [
           "Electric",
@@ -13402,7 +13410,12 @@
         "country": "RU",
         "refs": [
           "https://www.mandiant.com/resources/blog/gru-rise-telegram-minions",
-          "https://www.mandiant.com/resources/blog/gru-disruptive-playbook"
+          "https://www.mandiant.com/resources/blog/gru-disruptive-playbook",
+          "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
+        ],
+        "synonyms": [
+          "UAC-0100",
+          "UAC-0106"
         ]
       },
       "uuid": "566752f5-a294-4430-b47e-8e705f9887ea",
@@ -13417,7 +13430,11 @@
           "https://www.cyfirma.com/?post_type=out-of-band&p=17397",
           "https://www.reversinglabs.com/blog/the-week-in-security-possible-colonial-pipeline-2.0-ransomware-hurts-small-american-eateries",
           "https://channellife.com.au/story/the-increasing-presence-of-pro-russia-hacktivists",
-          "https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/"
+          "https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/",
+          "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
+        ],
+        "synonyms": [
+          "UAC-0109"
         ]
       },
       "uuid": "3689f0e2-6c39-4864-ae0b-cc03e4cb695a",
@@ -15325,5 +15342,5 @@
       "value": "R00tK1T"
     }
   ],
-  "version": 303
+  "version": 304
 }