diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4c78add..8e25eeb 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2639,7 +2639,8 @@
           "https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret",
           "https://securelist.com/operation-applejeus/87553/",
           "https://www.cfr.org/interactive/cyber-operations/compromise-cryptocurrency-exchanges-south-korea",
-          "https://www.bleepingcomputer.com/news/security/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack/"
+          "https://www.bleepingcomputer.com/news/security/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack/",
+          "https://content.fireeye.com/apt/rpt-apt38"
         ],
         "synonyms": [
           "Operation DarkSeoul",
@@ -2655,7 +2656,8 @@
           "Labyrinth Chollima",
           "Operation Troy",
           "Operation GhostSecret",
-          "Operation AppleJeus"
+          "Operation AppleJeus",
+          "APT38"
         ]
       },
       "related": [
@@ -5433,7 +5435,8 @@
           "http://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states",
           "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage",
           "https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/",
-          "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/"
+          "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/",
+          "https://securelist.com/luckymouse-ndisproxy-driver/87914/"
         ],
         "synonyms": [
           "Emissary Panda",