diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 64579aea..2532e5a8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -979,8 +979,10 @@
         "country": "CN",
         "refs": [
           "http://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
-          "https://blog.confiant.com/uncovering-2017s-largest-malvertising-operation-b84cd38d6b85",
-          "https://blog.confiant.com/zirconium-was-one-step-ahead-of-chromes-redirect-blocker-with-0-day-2d61802efd0d"
+          "https://www.crowdstrike.com/blog/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/",
+          "https://www.crowdstrike.com/blog/storm-chasing/",
+          "https://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
+          "https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf"
         ],
         "synonyms": [
           "Black Vine",
@@ -1124,7 +1126,6 @@
           "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html",
           "https://www.eweek.com/security/chinese-nation-state-hackers-target-u.s-in-operation-tradesecret",
           "https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/",
-          "https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf",
           "https://www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf",
           "https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C-Intrusions_Affecting_Multiple_Victims_Across_Multiple_Sectors.pdf",
           "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html",
@@ -7433,7 +7434,8 @@
         "refs": [
           "https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/",
           "https://duo.com/decipher/apt-groups-moving-down-the-supply-chain",
-          "https://github.com/GuardaCyber/APT-Groups-and-Operations/blob/master/Reports/FireEye%20Intel%20-%20APT31%20Threat%20Group%20Profile.pdf",
+          "https://redalert.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists",
+          "https:/twitter.com/bkMSFT/status/1201876664667582466",
           "http://www.secureworks.com/research/threat-profiles/bronze-vinewood"
         ],
         "synonyms": [