diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 5b9fdcd..bfa7a2d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5565,7 +5565,10 @@
           "https://us-cert.cisa.gov/ncas/alerts/aa20-301a",
           "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite",
           "https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report",
-          "https://asec.ahnlab.com/en/57873/"
+          "https://asec.ahnlab.com/en/57873/",
+          "https://asec.ahnlab.com/en/61082/",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-north-korean-apt-kimsuky-aka-black-banshee-active-iocs-29/",
+          "https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/"
         ],
         "synonyms": [
           "Velvet Chollima",
@@ -5573,7 +5576,9 @@
           "Thallium",
           "Operation Stolen Pencil",
           "G0086",
-          "APT43"
+          "APT43",
+          "Emerald Sleet",
+          "THALLIUM"
         ],
         "targeted-sector": [
           "Research - Innovation",