diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 954b385..2e63626 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9136,7 +9136,14 @@
 "meta": {
 "country": "RU",
 "refs": [
- "https://www.mandiant.com/resources/fin13-cybercriminal-mexico"
+ "https://www.mandiant.com/resources/fin13-cybercriminal-mexico",
+ "https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation",
+ "https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf",
+ "https://www.netwitness.com/wp-content/uploads/FIN13-Elephant-Beetle-NetWitness.pdf"
+ ],
+ "synonyms": [
+ "TG2003",
+ "Elephant Beetle"
 ]
 },
 "uuid": "60fa684d-c738-4b77-98fb-3f6605e2bb82",
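Review bot: Folding Elephant Beetle into FIN13 as a synonym drops the standalone cluster's uuid `64930954-db40-4d97-8fc4-76079d239e15` (removed in the next hunk) without leaving any pointer to it on the surviving entry, so any MISP instance that already tagged events with that galaxy uuid now holds tags that resolve to nothing. If the galaxy format allows it, keep the retired uuid discoverable from the FIN13 object — for example a `related` item with `"dest-uuid": "64930954-db40-4d97-8fc4-76079d239e15"` and `"type": "similar"`, or at minimum a sentence in the description naming the retired cluster — so the alias survives the dedup. The synonyms array also gives no hint of provenance; since the refs now include both Sygnia and NetWitness material, a description note such as "Tracked by Sygnia as TG2003 / Elephant Beetle; NetWitness links that activity to FIN13" would let analysts judge the confidence of the merge (presumably the NetWitness report is what ties the two names together, but that is inferred from the URL, not visible here). The FIN13 object's `description` field begins before this hunk, so it is not visible for review.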
@@ -9485,19 +9492,6 @@
 "uuid": "6cce6ecc-e6f5-4ae5-b8c5-cf633b7cf973",
 "value": "ModifiedElephant"
 },
- {
- "description": "Financially motivated threat group targeting and infiltrating organizations from the finance and commerce sector in Latin America.",
- "meta": {
- "refs": [
- "https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf"
- ],
- "synonyms": [
- "TG2003"
- ]
- },
- "uuid": "64930954-db40-4d97-8fc4-76079d239e15",
- "value": "Elephant Beetle"
- },
 {
 "description": "EXOTIC LILY is a resourceful, financially motivated group whose activities appear to be closely linked with data exfiltration and deployment of human-operated ransomware such as Conti and Diavol. In early September 2021, the group has been obeserved exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigation lead researchers to believe that they are an Initial Access Broker (IAB) who appear to be working with the Russian cyber crime gang known as FIN12 (Mandiant, FireEye) / WIZARD SPIDER (CrowdStrike). This threat actor deploys tactics, techniques and procedures (TTPs) that are traditionally associated with more targeted attacks, like spoofing companies and employees as a means of gaining trust of a targeted organization through email campaigns that are believed to be sent by real human operators using little-to-no automation. Additionally and rather uniquely, they leverage legitimate file-sharing services like WeTransfer, TransferNow and OneDrive to deliver the payload, namely BUMBLEEBEE and BAZARLOADER, further evading detection mechanisms. This level of human-interaction is rather unusual for cyber crime groups focused on mass scale operations.",
 "meta": {
@@ -10012,5 +10006,5 @@
 "value": "Returned Libra"
 }
 ],
- "version": 237
+ "version": 238
 }