diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2362d96..1ae67d8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -783,7 +783,8 @@
 "https://community.rsa.com/community/products/netwitness/blog/2018/02/13/lotus-blossom-continues-asean-targeting",
 "https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf",
 "https://attack.mitre.org/groups/G0030/",
- "https://www.secureworks.com/research/threat-profiles/bronze-elgin"
+ "https://www.secureworks.com/research/threat-profiles/bronze-elgin",
+ "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf"
 ],
 "synonyms": [
 "Spring Dragon",
@@ -1075,7 +1076,9 @@
 "https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/",
 "https://attack.mitre.org/groups/G0004/",
 "https://www.secureworks.com/research/threat-profiles/bronze-palace",
- "https://www.mandiant.com/resources/insights/apt-groups"
+ "https://www.mandiant.com/resources/insights/apt-groups",
+ "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
+ "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi"
 ],
 "synonyms": [
 "VIXEN PANDA",
@@ -1089,7 +1092,8 @@
 "BRONZE DAVENPORT",
 "BRONZE IDLEWOOD",
 "NICKEL",
- "G0004"
+ "G0004",
+ "Red Vulture"
 ]
 },
 "uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
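Review bot: The PwC reference added to `refs` in the first hunk (`.../cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf`) carries no year or edition in its path, so it does not pin the report this entry relies on; if the publisher reuses that path for a later edition, the citation would silently point at different content. The same URL is added again in the hunks at -1075, -1233, -5877, -6925, -6980 and -7432. I would cite an edition-specific or archived copy instead, for example `"https://web.archive.org/web/<SNAPSHOT_TIMESTAMP>/https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf"`, where the timestamp is a placeholder to be filled in. Each `refs` array begins outside its hunk, so whether the URL is already listed higher up cannot be checked from here.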
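Review bot: The reference `https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi` added in the hunk at -1075 is an opaque asset link: nothing in it names the document, its publisher's title or its date, so a reader cannot tell which report backs the entry without fetching the binary, and cannot notice if the asset behind the id is later replaced. The same link is added in the hunks at -4541, -5546, -6925 and -8216. I would reference the page that names the report and keep the asset link only as a secondary ref, e.g. `"<LANDING_PAGE_URL_NAMING_THE_REPORT>",` (placeholder) on the line before it.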
@@ -1233,7 +1237,8 @@
 "https://securelist.com/the-icefog-apt-a-tale-of-cloak-and-three-daggers/57331/",
 "https://securelist.com/the-icefog-apt-hits-us-targets-with-java-backdoor/58209/",
 "https://www.cfr.org/interactive/cyber-operations/icefog",
- "https://d2538mqrb7brka.cloudfront.net/wp-content/uploads/sites/43/2018/03/20133739/icefog.pdf"
+ "https://d2538mqrb7brka.cloudfront.net/wp-content/uploads/sites/43/2018/03/20133739/icefog.pdf",
+ "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf"
 ],
 "synonyms": [
 "IceFog",
@@ -4541,7 +4546,8 @@
 "https://www.fireeye.com/current-threats/apt-groups.html",
 "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf",
 "https://www.secureworks.com/research/threat-profiles/bronze-fleetwood",
- "https://www.mandiant.com/resources/insights/apt-groups"
+ "https://www.mandiant.com/resources/insights/apt-groups",
+ "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi"
 ],
 "synonyms": [
 "KEYHOLE PANDA",
@@ -5546,7 +5552,8 @@
 "https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china",
 "https://www.mofa.go.jp/press/danwa/press6e_000312.html",
 "https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory",
- "https://www.mandiant.com/resources/insights/apt-groups"
+ "https://www.mandiant.com/resources/insights/apt-groups",
+ "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi"
 ],
 "synonyms": [
 "TEMP.Periscope",
@@ -5877,7 +5884,8 @@
 "refs": [
 "https://www.recordedfuture.com/chinese-cyberespionage-operations",
 "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf",
- "https://go.recordedfuture.com/hubfs/reports/ta-2022-0816.pdf"
+ "https://go.recordedfuture.com/hubfs/reports/ta-2022-0816.pdf",
+ "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf"
 ],
 "synonyms": [
 "DeepCliff",
@@ -6925,7 +6933,9 @@
 "https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory/",
 "https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003",
 "https://twitter.com/bkMSFT/status/1417823714922610689",
- "https://www.mandiant.com/resources/insights/apt-groups"
+ "https://www.mandiant.com/resources/insights/apt-groups",
+ "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
+ "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi"
 ],
 "synonyms": [
 "ZIRCONIUM",
@@ -6980,7 +6990,8 @@
 "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
 "https://www.slideshare.net/codeblue_jp/cb19-cyber-threat-landscape-in-japan-revealing-threat-in-the-shadow-by-chi-en-shen-ashley-oleg-bondarenko",
 "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt",
- "https://unit42.paloaltonetworks.com/atoms/mangataurus/"
+ "https://unit42.paloaltonetworks.com/atoms/mangataurus/",
+ "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf"
 ],
 "synonyms": [
 "CIRCUIT PANDA",
@@ -7432,7 +7443,8 @@
 "https://www.mandiant.com/resources/report-apt41-double-dragon-a-dual-espionage-and-cyber-crime-operation",
 "https://www.cfr.org/cyber-operations/apt-41",
 "https://attack.mitre.org/groups/G0096",
- "https://www.uscc.gov/sites/default/files/2022-02/Adam_Kozy_Testimony.pdf"
+ "https://www.uscc.gov/sites/default/files/2022-02/Adam_Kozy_Testimony.pdf",
+ "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf"
 ],
 "synonyms": [
 "Double Dragon",
@@ -8216,7 +8228,8 @@
 "https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk",
 "https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
 "https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
- "https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china"
+ "https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china",
+ "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi"
 ],
 "synonyms": [
 "ATK233",