diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c91c51c..39ffe8e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -523,14 +523,17 @@
 "GREF",
 "Playful Dragon",
 "APT 15",
+ "APT15",
 "Metushy",
 "Lurid",
- "Social Network Team"
+ "Social Network Team",
+ "Royal APT"
 ],
 "country": "CN",
 "refs": [
 "https://www.fireeye.com/blog/threat-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html",
- "http://arstechnica.com/security/2015/04/elite-cyber-crime-group-strikes-back-after-attack-by-rival-apt-gang/"
+ "http://arstechnica.com/security/2015/04/elite-cyber-crime-group-strikes-back-after-attack-by-rival-apt-gang/",
+ "https://github.com/nccgroup/Royal_APT"
 ]
 },
 "value": "Mirage",
@@ -2488,5 +2491,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 34
+ "version": 35
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 5cea33b..ee6d68a 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
 ],
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
- "version": 55,
+ "version": 56,
 "values": [
 {
 "meta": {
@@ -1138,6 +1138,9 @@
 "Hoarde",
 "Phindolp",
 "BS2005"
+ ],
+ "refs": [
+ "https://github.com/nccgroup/Royal_APT"
 ]
 },
 "value": "Hoardy",
@@ -3839,7 +3842,8 @@
 "refs": [
 "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20group%20using%20Neuron%20and%20Nautilus%20tools%20alongside%20Snake%20malware_0.pdf"
 ]
- }
+ },
+ "uuid": "5c2eeaec-25e3-11e8-9d28-7f64aba5b173"
 },
 {
 "value": "Nautilus",
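Review bot: In the `@@ -523,14 +523,17 @@` hunk of clusters/threat-actor.json, `"Royal APT"` is added to the alias list of the Mirage entry, but the only source given for it is the new `https://github.com/nccgroup/Royal_APT` reference, and judging by the repository name it may label a body of research or a campaign rather than the group itself. The cluster description visible in the next hunk already notes that groups are regularly confused with their operation or campaign, and consumers presumably match on this list when tagging and correlating events. If the name is meant only as a pointer to that research, keeping the new `refs` entry and leaving the list ending at `"Social Network Team"` carries the same information without widening the match set. The Mirage entry and the key of this list start above the hunk, so this should be checked against the full entry.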
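Review bot: The `refs` entry added to Hoardy in the `@@ -1138,6 +1138,9 @@` hunk of clusters/tool.json cites the root of a Git repository, so the content behind it can change or be removed after this commit and nothing records which state of it supports the entry. The same URL is added to Mirage in the first hunk of clusters/threat-actor.json. A commit-pinned form such as `https://github.com/nccgroup/Royal_APT/tree/<commit-sha>` (placeholder), or the publisher's write-up if one exists, would give analysts a fixed source to check the aliases against. The Hoardy object begins above the hunk.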
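Review bot: The `uuid` values added in the `@@ -3839,7 +3842,8 @@` hunk and in the following `@@ -3848,7 +3852,8 @@` hunk are version-1 (time-based) UUIDs, while the cluster-level `uuid` shown in the `@@ -10,7 +10,7 @@` hunk is version 4. Version-1 values encode the generation time and a node field. In both added values the node field has the multicast bit set, which suggests a randomly chosen node rather than a hardware address, so nothing host-specific appears to be disclosed. If consistency with the random identifiers is wanted, they could be regenerated as `"uuid": "<random-v4-uuid>"` (placeholder) before other data starts referring to them. The first of the two entries starts above its hunk.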
@@ -3848,7 +3852,8 @@
 "refs": [
 "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20group%20using%20Neuron%20and%20Nautilus%20tools%20alongside%20Snake%20malware_0.pdf"
 ]
- }
+ },
+ "uuid": "73cb7ecc-25e3-11e8-a97b-c35ec4e7dcf8"
 }
 ]
 }