Update threat-actor.json

DeathStalker, Mabna

clusters/threat-actor.json

@@ -7403,7 +7403,8 @@
           "https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities",
           "https://www.proofpoint.com/us/threat-insight/post/seems-phishy-back-school-lures-target-university-students-and-staff",
           "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian",
-          "https://www.secureworks.com/research/threat-profiles/cobalt-dickens"
+          "https://www.secureworks.com/research/threat-profiles/cobalt-dickens",
+          "https://community.riskiq.com/article/44eb0802"
         ],
         "synonyms": [
           "COBALT DICKENS",
@@ -8387,7 +8388,8 @@
       "meta": {
         "refs": [
           "https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/",
-          "https://securelist.com/deathstalker-mercenary-triumvirate/98177/"
+          "https://securelist.com/deathstalker-mercenary-triumvirate/98177/",
+          "https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/"
         ],
         "synonyms": [
           "DeathStalker"
@@ -8501,5 +8503,5 @@
       "value": "Operation Skeleton Key"
     }
   ],
-  "version": 193
+  "version": 194
 }