diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 37727b0..a38549a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3702,12 +3702,10 @@
 "refs": [
 "https://www.microsoft.com/security/blog/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/",
 "https://www.virusbulletin.com/conference/vb2016/abstracts/last-minute-paper-strongpity-waterhole-attacks-targeting-italian-and-belgian-encryption-users",
- "https://attack.mitre.org/groups/G0055/",
 "https://attack.mitre.org/groups/G0056/"
 ],
 "synonyms": [
 "StrongPity",
- "G0055",
 "G0056"
 ]
 },
@@ -3734,7 +3732,11 @@
 "description": "NEODYMIUM is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFisher, a government-grade commercial surveillance package. Data about Wingbird activity indicate that it is typically used to attack individual computers instead of networks.",
 "meta": {
 "refs": [
- "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/"
+ "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/",
+ "https://attack.mitre.org/groups/G0055/"
+ ],
+ "synonyms": [
+ "G0055"
 ]
 },
 "related": [
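Review bot: The first `refs` entry of the NEODYMIUM cluster is rewritten here but still uses the legacy `blogs.technet.microsoft.com/mmpc/2016/12/14/...` address, while the entry in the previous hunk cites what appears to be the same post at `https://www.microsoft.com/security/blog/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/`. Since the line is being touched anyway, using that URL in both clusters would let consumers that correlate or de-duplicate references recognise the shared source. Moving `G0055` from one `synonyms` list to the other also changes which cluster a lookup by that ID resolves to, so if the file carries a version field it presumably needs a bump; none is visible in this diff. The `meta` object and the surrounding cluster entry begin and end outside the hunk.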