diff --git a/elements/apt-groups.json b/elements/apt-groups.json
index d0c64fae..118dd5ee 100644
--- a/elements/apt-groups.json
+++ b/elements/apt-groups.json
@@ -1,16 +1,34 @@
 {
 "version" : 1,
- "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups can be confused with their initial operation or campaign.",
+ "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "authors": ["Alexandre Dulaunoy", "Florian Roth", "Various"],
 "type": "APT Groups",
- "groups" : ["Comment Crew","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap"],
+ "groups" : ["Comment Crew","Putter Panda","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap","Putter Panda","UPS","IXESHE"],
 "details" : [
 {
 "group": "Comment Crew",
 "description": "PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks",
 "refs": ["https://en.wikipedia.org/wiki/PLA_Unit_61398", "http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf"],
 "country": "CN",
- "synonyms": ["Comment Panda", "PLA Unit 61398", "APT 1", "Advanced Persistent Threat 1", "Byzantine Candor"]
+ "synonyms": ["Comment Panda","PLA Unit 61398", "APT 1","Advanced Persistent Threat 1","Byzantine Candor","Group 3","TG-8223"]
+ },
+ {
+ "group": "Putter Panda",
+ "refs": ["http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf"],
+ "country": "CN",
+ "synonyms": ["PLA Unit 61486", "APT 2", "Group 36"]
+ },
+ {
+ "group": "UPS",
+ "refs": ["https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html"],
+ "country": "CN",
+ "synonyms": ["Gothic Panda","TG-0110","APT 3","Group 6"]
+ },
+ {
+ "group": "IXESHE",
+ "refs": ["http://www.crowdstrike.com/blog/whois-numbered-panda/"],
+ "country": "CN",
+ "synonyms": ["Numbered Panda", "TG-2754", "BeeBus", "Group 22", "DynCalc", "Crimson Iron"]
 },
 {
 "group": "Sofacy",
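Review bot: The new `groups` array lists "Putter Panda" twice, once after "Comment Crew" and again after "BuhTrap", so a consumer that builds a lookup or tag list from it may get a duplicate entry; the line should read `"groups" : ["Comment Crew","Putter Panda","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap","UPS","IXESHE"],`. The three added `details` objects (Putter Panda, UPS, IXESHE) have no `description` key, unlike the Comment Crew entry, so anything that reads `description` unconditionally would need to tolerate its absence; a one-sentence description per group would keep the shape uniform. The only reference for Putter Panda is a copy on `cdn0.vox-cdn.com` rather than the report publisher's own site, which makes the attribution source harder to verify if that copy changes or disappears; adding the publisher's URL alongside it would help. The `details` array continues past the end of this hunk, so ordering and duplicates there are not visible here.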