diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 344ec791..7b9b3d5a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -26,9 +26,13 @@
 },
 {
 "meta": {
- "country": "CN"
+ "country": "CN",
+ "refs": [
+ "https://wikileaks.org/vault7/document/2015-08-20150814-256-CSIR-15005-Stalker-Panda/2015-08-20150814-256-CSIR-15005-Stalker-Panda.pdf"
+ ]
 },
 "value": "Stalker Panda",
+ "description": "The group appears to have close ties to the Chinese National University of Defense and Technology, which is possibly linked to the PLA. Stalker Panda has been observed conducting targeted attacks against Japan, Taiwan, Hong Kong, and the United States. The attacks appear to be centered on political, media, and engineering sectors. The group appears to have been active since around 2010 and they maintain and upgrade their tools regularly.",
 "uuid": "36843742-adf1-427c-a7c0-067d74b4aeaf"
 },
 {
@@ -2688,5 +2692,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 40
+ "version": 41
 }
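Review bot: The added `description` for Stalker Panda states an attribution (ties to a defence university, a possible PLA link, target countries and sectors) in the cluster's own voice, while the only entry in `refs` is a single PDF hosted on wikileaks.org, so a consumer cannot tell whose assessment this is or how well it is corroborated. I would name the source in the text, e.g. `"description": "According to the referenced CSIR-15005 report, the group appears to have close ties to …"`, and add the original publisher's link to `refs` if one exists. The institution is usually written "National University of Defense Technology"; unless the wording is quoted verbatim from the report, normalising it would help analysts searching the galaxy. The other entries of the array lie outside the hunk, so I cannot check whether placing `description` between `value` and `uuid` departs from the file's key order.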