diff --git a/threat-actor-naming/raw.md b/threat-actor-naming/raw.md index 30cfe1f..60414df 100755 --- a/threat-actor-naming/raw.md +++ b/threat-actor-naming/raw.md 
@@ -80,27 +80,36 @@ practices defined in this document. ## Uniqueness -When choosing a threat actor name, uniqueness is a critical property. The threat actor name **MUST** be unique and not existing in different contexts. +When choosing a threat actor name, uniqueness is a critical property. The threat actor name **MUST** be unique and not existing in different contexts. The name **MUST** not be a word from a dictionary which can be used in other contexts. ## Format +The name of the threat actor **SHALL** be composed of a single word. If there is multiple part like a decimal value such as a counter, the values **MUST** be separated with a dash. Single words are preferred to ease search of keywords by analysts in public sources. + ## Encoding The name of the threat actor **MUST** be expressed in ASCII 7-bit. Assigning a localized name to a threat actor **MAY** create a set of ambiguity about different localized version of the same threat actor. ## Don't confuse actor naming with malware naming -The name of the threat actor **MUST NOT** be assigned based on the tools or techniques used by the threat actor. A notorious example in the threat intelligence community is Turla which can name a threat actor but also a malware used by this group or other groups. +The name of the threat actor **MUST NOT** be assigned based on the tools, techniques or patterns used by the threat actor. A notorious example in the threat intelligence community is Turla which can name a threat actor but also a malware used by this group or other groups. ## Directory # Examples -Some known examples are included below and serve as reference for good practices in naming threat actors. The below threat actor names can be considered good example : +Some known examples are included below and serve as reference for good practices in naming threat actors. 
The below threat actor names can be considered good example: - APT-1 - TA-505 +The below threat actor names can be considered as example to not follow: + +- GIF89a (Word also used for the GIF header) +- ShadyRAT (Confusion between the name and the tool) +- Group 3 (Common name used for other use-cases) +- ZooPark (Name is used to describe something else) + # Security Considerations Naming a threat actor could include specific sensitive reference to a case or an incident. Before releasing the naming, the creator diff --git a/threat-actor-naming/threat-actor-naming.html b/threat-actor-naming/threat-actor-naming.html index 5884944..f90b660 100644 --- a/threat-actor-naming/threat-actor-naming.html +++ b/threat-actor-naming/threat-actor-naming.html @@ -518,10 +518,11 @@

2.2. Uniqueness

-

When choosing a threat actor name, uniqueness is a critical property. The threat actor name MUST be unique and not existing in different contexts.

+

When choosing a threat actor name, uniqueness is a critical property. The threat actor name MUST be unique and not existing in different contexts. The name MUST not be a word from a dictionary which can be used in other contexts.

2.3. Format

+

The name of the threat actor SHALL be composed of a single word. If there is multiple part like a decimal value such as a counter, the values MUST be separated with a dash. Single words are preferred to ease search of keywords by analysts in public sources.

2.4. Encoding

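Review bot: the two sentences of the new 2.3 Format paragraph contradict each other: the name "SHALL be composed of a single word", yet a name with a counter "MUST be separated with a dash", so an APT-1 style name is two tokens by the plain reading of the first sentence. State the intent directly, for example "The name SHALL NOT contain whitespace. A numeric component such as a counter is separated from the rest of the name with a dash (APT-1, TA-505)." The rest of the document uses MUST; using SHALL only here invites readers to look for a difference that RFC 2119 does not define. Since this file appears to be rendered output, make the wording fix in the source and regenerate rather than patching the HTML by hand.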
@@ -529,14 +530,14 @@

2.5. Don't confuse actor naming with malware naming

-

The name of the threat actor MUST NOT be assigned based on the tools or techniques used by the threat actor. A notorious example in the threat intelligence community is Turla which can name a threat actor but also a malware used by this group or other groups.

+

The name of the threat actor MUST NOT be assigned based on the tools, techniques or patterns used by the threat actor. A notorious example in the threat intelligence community is Turla which can name a threat actor but also a malware used by this group or other groups.

2.6. Directory

3. Examples

-

Some known examples are included below and serve as reference for good practices in naming threat actors. The below threat actor names can be considered good example :

+

Some known examples are included below and serve as reference for good practices in naming threat actors. The below threat actor names can be considered good example:

+

+

The below threat actor names can be considered as example to not follow:

+

+ + +

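Review bot: the 2.6 Directory section is still a bare heading: in this hunk "2.6. Directory" is followed directly by "3. Examples" with no body, and the same empty heading is carried through the md, txt and xml parts of this patch. Either add the text the section is meant to hold or drop the heading until it exists; an empty numbered section in a published draft reads as an omission. Minor: "can be considered as example to not follow" should read "are examples not to follow".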
4. Security Considerations diff --git a/threat-actor-naming/threat-actor-naming.txt b/threat-actor-naming/threat-actor-naming.txt index efc214d..9ac20a4 100644 --- a/threat-actor-naming/threat-actor-naming.txt +++ b/threat-actor-naming/threat-actor-naming.txt @@ -68,15 +68,15 @@ Table of Contents 2.3. Format . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 3 2.5. Don't confuse actor naming with malware naming . . . . . 3 - 2.6. Directory . . . . . . . . . . . . . . . . . . . . . . . . 3 + 2.6. Directory . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 7.1. Normative References . . . . . . . . . . . . . . . . . . 4 - 7.2. Informative References . . . . . . . . . . . . . . . . . 4 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4 + 7.2. Informative References . . . . . . . . . . . . . . . . . 5 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction @@ -140,10 +140,16 @@ Internet-Draft Recommendations on naming threat actors June 2020 When choosing a threat actor name, uniqueness is a critical property. The threat actor name MUST be unique and not existing in different - contexts. + contexts. The name MUST not be a word from a dictionary which can be + used in other contexts. 2.3. Format + The name of the threat actor SHALL be composed of a single word. If + there is multiple part like a decimal value such as a counter, the + values MUST be separated with a dash. Single words are preferred to + ease search of keywords by analysts in public sources. + 2.4. Encoding The name of the threat actor MUST be expressed in ASCII 7-bit. 
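Review bot: the page renumbering in the table of contents hunk (2.6 to page 4, 7.2 and Authors' Addresses to page 5) is consistent with the page break this patch inserts, so that part is fine, but the context lines show the TOC carrying both "6. References" and "7. References", with 7.1 Normative and 7.2 Informative hanging off section 7 only. That is pre-existing rather than introduced here, but since the references are being touched anyway, drop the empty section 6 and renumber, otherwise every later edit to this area has to keep carrying the duplicate.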
@@ -152,16 +158,10 @@ Internet-Draft Recommendations on naming threat actors June 2020 2.5. Don't confuse actor naming with malware naming - The name of the threat actor MUST NOT be assigned based on the tools - or techniques used by the threat actor. A notorious example in the - threat intelligence community is Turla which can name a threat actor - but also a malware used by this group or other groups. - -2.6. Directory - - - - + The name of the threat actor MUST NOT be assigned based on the tools, + techniques or patterns used by the threat actor. A notorious example + in the threat intelligence community is Turla which can name a threat + actor but also a malware used by this group or other groups. @@ -170,16 +170,29 @@ Dulaunoy & Bourmeau Expires December 11, 2020 [Page 3] Internet-Draft Recommendations on naming threat actors June 2020 +2.6. Directory + 3. Examples Some known examples are included below and serve as reference for good practices in naming threat actors. The below threat actor names - can be considered good example : + can be considered good example: o APT-1 o TA-505 + The below threat actor names can be considered as example to not + follow: + + o GIF89a (Word also used for the GIF header) + + o ShadyRAT (Confusion between the name and the tool) + + o Group 3 (Common name used for other use-cases) + + o ZooPark (Name is used to describe something else) + 4. Security Considerations Naming a threat actor could include specific sensitive reference to a @@ -206,6 +219,13 @@ Internet-Draft Recommendations on naming threat actors June 2020 DOI 10.17487/RFC2119, March 1997, . + + +Dulaunoy & Bourmeau Expires December 11, 2020 [Page 4] + +Internet-Draft Recommendations on naming threat actors June 2020 + + 7.2. Informative References [MISP-P] Community, M., "MISP Project - Open Source Threat 
@@ -214,18 +234,6 @@ Internet-Draft Recommendations on naming threat actors June 2020 Authors' Addresses - - - - - - - -Dulaunoy & Bourmeau Expires December 11, 2020 [Page 4] - -Internet-Draft Recommendations on naming threat actors June 2020 - - Alexandre Dulaunoy Computer Incident Response Center Luxembourg 16, bd d'Avranches @@ -256,14 +264,6 @@ Internet-Draft Recommendations on naming threat actors June 2020 - - - - - - - - diff --git a/threat-actor-naming/threat-actor-naming.xml b/threat-actor-naming/threat-actor-naming.xml index 3cf4722..6ffe22c 100644 --- a/threat-actor-naming/threat-actor-naming.xml +++ b/threat-actor-naming/threat-actor-naming.xml @@ -61,10 +61,11 @@ practices defined in this document.
-When choosing a threat actor name, uniqueness is a critical property. The threat actor name MUST be unique and not existing in different contexts. +When choosing a threat actor name, uniqueness is a critical property. The threat actor name MUST be unique and not existing in different contexts. The name MUST not be a word from a dictionary which can be used in other contexts.
+The name of the threat actor SHALL be composed of a single word. If there is multiple part like a decimal value such as a counter, the values MUST be separated with a dash. Single words are preferred to ease search of keywords by analysts in public sources.
@@ -72,7 +73,7 @@ practices defined in this document.
-The name of the threat actor MUST NOT be assigned based on the tools or techniques used by the threat actor. A notorious example in the threat intelligence community is Turla which can name a threat actor but also a malware used by this group or other groups. +The name of the threat actor MUST NOT be assigned based on the tools, techniques or patterns used by the threat actor. A notorious example in the threat intelligence community is Turla which can name a threat actor but also a malware used by this group or other groups.
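Review bot: this hunk widens the prohibition from "tools or techniques" to "tools, techniques or patterns", but "patterns" is not defined anywhere in the visible text, so a reader cannot tell whether it means behavioural patterns (TTPs), code patterns, or something else. Either define the term or name the concrete thing you mean, for example "tools, techniques, procedures or infrastructure". The Turla sentence that follows only illustrates the tool case; if "patterns" stays, a second example of a pattern-derived name would make the rule checkable.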
@@ -80,13 +81,22 @@ practices defined in this document.
-Some known examples are included below and serve as reference for good practices in naming threat actors. The below threat actor names can be considered good example : +Some known examples are included below and serve as reference for good practices in naming threat actors. The below threat actor names can be considered good example: APT-1 TA-505 +The below threat actor names can be considered as example to not follow: + + +GIF89a (Word also used for the GIF header) +ShadyRAT (Confusion between the name and the tool) +Group 3 (Common name used for other use-cases) +ZooPark (Name is used to describe something else) + +
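Review bot: each rejected name in this hunk carries a reason, but the reason never says which rule of section 2 is violated, which is what makes the list useful as test cases for the rules: GIF89a and ZooPark fail 2.2 Uniqueness (the token already means something else), ShadyRAT fails 2.5 (the name encodes the tool category), and "Group 3" fails 2.2 and also 2.3 Format, since it contains a space and so is not a single word. Suggest citing the section in each parenthetical, e.g. "Group 3 (violates 2.2 and 2.3: generic term, contains whitespace)". The same list is duplicated in raw.md, so keep both copies in sync.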
@@ -105,6 +115,7 @@ MUST review the name to ensure no sensitive information is included in the threa + MISP Galaxy - Public repository @@ -112,7 +123,6 @@ MUST review the name to ensure no sensitive information is included in the threa -
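Review bot: on the raw.md hunk (@@ -80,27 +80,36 @@), "The name **MUST** not be a word from a dictionary" mixes the RFC 2119 keyword with a lowercase "not"; section 2.5 on the same page uses **MUST NOT**, which is the defined form, so use it here too. The relative clause is also ambiguous (does "which can be used in other contexts" qualify the word or the dictionary?); suggest "The name **MUST NOT** be a dictionary word, since such a word is already used in other contexts." In the Format paragraph, "If there is multiple part like a decimal value such as a counter, the values **MUST** be separated with a dash" should read "If the name has several parts, for example a numeric counter, the parts **MUST** be separated with a dash." Since the html, txt and xml in this patch repeat the same text, fix it once in raw.md and regenerate the rest.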
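Review bot: the xml hunks at @@ -105,6 +115,7 @@ and @@ -112,7 +123,6 @@ add a line reading "MISP Galaxy - Public repository" and remove one line whose content is not visible here, which looks like a reference entry being added or moved. The txt hunk around 7.2 Informative References (@@ -206,6 +219,13 @@) only adds a page break and still opens with the existing [MISP-P] entry, and no txt hunk adds a new reference, so either this is a retitle or move of an existing entry or the rendered outputs are stale relative to the xml. Please confirm which, and if it is a new entry, regenerate txt, html and md from the same source so the reference lists match.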