diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index b6d3498..47c39e0 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -11732,5 +11732,5 @@
 "value": "BitPaymer"
 }
 ],
- "version": 48
+ "version": 49
 }
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6803c3d..79f0997 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6146,7 +6146,7 @@
 "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/"
 ]
 },
- "uuid": "4db86f94-661e-458c-8ce3-ce7ab79af489",
+ "uuid": "3cf6dbb5-bf9e-47d4-a8d5-b6d76f5a791f",
 "value": "GRIM SPIDER"
 },
 {
@@ -6156,7 +6156,7 @@
 "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/"
 ]
 },
- "uuid": "ce20f612-e2cd-4a61-8c23-5405971ec401",
+ "uuid": "bdf4fe4f-af8a-495f-a719-cf175cecda1f",
 "value": "WIZARD SPIDER"
 },
 {
@@ -6167,9 +6167,19 @@
 "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-february-mummy-spider/"
 ]
 },
- "uuid": "b28d82bc-4f77-4956-b595-8c5d6a1a842b",
+ "uuid": "c93281be-f6cd-4cd0-a5a3-defde9d77d8b",
 "value": "MUMMY SPIDER"
+ },
+ {
+ "description": "Open-source reporting has claimed that the Hermes ransomware was developed by the North Korean group STARDUST CHOLLIMA (activities of which have been public reported as part of the “Lazarus Group”), because Hermes was executed on a host during the SWIFT compromise of FEIB in October 2017. ",
+ "meta": {
+ "refs": [
+ "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/"
+ ]
+ },
+ "uuid": "d8e1762a-0063-48c2-9ea1-8d176d14b70f",
+ "value": "STARDUST CHOLLIMA"
 }
 ],
- "version": 85
+ "version": 86
 }
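Review bot: Replacing the `uuid` of an already-published cluster (GRIM SPIDER in this hunk, and likewise WIZARD SPIDER and MUMMY SPIDER in the two hunks that follow) changes the identifier that consumers key on. Anything that stored the old values, such as `related` entries in other clusters or tags already attached to events, would presumably stop resolving to these actors. The commit record visible here gives no reason for the change; if the old values collided with UUIDs used by other clusters, that should be stated in the commit message together with the old-to-new mapping so downstream users can migrate. Before merging, search the repository for the three removed values (`4db86f94-661e-458c-8ce3-ce7ab79af489`, `ce20f612-e2cd-4a61-8c23-5405971ec401`, `b28d82bc-4f77-4956-b595-8c5d6a1a842b`) to confirm nothing still points at them. The enclosing array begins outside the hunk.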
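Review bot: The new STARDUST CHOLLIMA entry in the last hunk describes the actor only through a third-party attribution claim about Hermes, and it has no machine-readable link to the Lazarus Group that its own description names. Correlation with existing Lazarus data would therefore depend on free text; consider a `related` entry pointing at that cluster's UUID (`<lazarus-group-cluster-uuid>`, not visible in this diff), with a tag that marks the link as reported rather than confirmed. The description should also say what the actor is before citing the Hermes claim, so an analyst reading only this field does not take the attribution as established. Two wording fixes in the same string: `public reported` should read `publicly reported`, and the trailing space before the closing quote (`October 2017. "`) should be dropped.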