diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 45dfd3b..fd0711b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1026,6 +1026,7 @@
         "cfr-type-of-incident": "Espionage",
         "country": "CN",
         "refs": [
+          "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf",
           "https://web.archive.org/web/20140129192702/https://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
           "https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
           "https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/",
@@ -1045,6 +1046,7 @@
           "https://unit42.paloaltonetworks.com/atoms/iron-taurus/"
         ],
         "synonyms": [
+          "GreedyTaotie",
           "TG-3390",
           "APT 27",
           "APT27",
@@ -9859,12 +9861,14 @@
       "meta": {
         "country": "CN",
         "refs": [
+          "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf",
           "https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself",
           "https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation",
           "https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility",
           "https://twitter.com/cglyer/status/1480734487000453121"
         ],
         "synonyms": [
+          "SLIME34",
           "DEV-0401"
         ]
       },
@@ -10004,7 +10008,38 @@
       },
       "uuid": "7831d56e-5913-44ca-8835-f42017aeb0cd",
       "value": "Returned Libra"
+    },
+    {
+      "meta": {
+        "attribution-confidence": "75",
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-target-category": [
+          "Private Sector"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf"
+        ]
+      },
+      "uuid": "a3831248-5e2f-492d-8bb6-5e82c2f6481d",
+      "value": "TianWu"
+    },
+    {
+      "meta": {
+        "attribution-confidence": "75",
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-target-category": [
+          "Private Sector"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf",
+          "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf"
+        ]
+      },
+      "uuid": "d58030e2-5673-4836-9aff-ab6d55da0bc0",
+      "value": "SLIME29"
     }
   ],
-  "version": 238
+  "version": 239
 }