From 311b5492c883e81077dc191f5cefa49340dd6ee3 Mon Sep 17 00:00:00 2001 From: blackorbird <137812951@qq.com> Date: Mon, 13 Jan 2020 16:20:58 +0800 Subject: [PATCH] Update README.MD --- International Strategic/Iran/README.MD | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/International Strategic/Iran/README.MD b/International Strategic/Iran/README.MD index 613ab42..e2c26b1 100644 --- a/International Strategic/Iran/README.MD +++ b/International Strategic/Iran/README.MD @@ -14,6 +14,13 @@ OilRig is a threat group Unit 42 named and discovered in May 2016. Since then, w Once gaining access to an end point, actors would use credential dumping tools, such as Mimikatz to gather credentials to legitimate accounts to then move laterally to other systems on the network. When presented with a webserver, OilRig would install a webshell as another ingress point to maintain access to the network. References + +https://www.clearskysec.com/powdesk-apt34/ + +https://blog.knowbe4.com/iranian-hacker-group-apt34-use-new-tonedeaf-malware-over-linkedin-in-latest-phishing-campaign + +https://cyware.com/blog/apt34-the-helix-kitten-cybercriminal-group-loves-to-meow-middle-eastern-and-international-organizations-48ae + https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig/ https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling/
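Review bot: the three added references in this hunk are placed ahead of the existing Unit 42 entries and are bare URLs with no source, title or date, so a reader cannot tell that the ClearSky link is primary research while the KnowBe4 and Cyware posts are secondary write-ups of other vendors' reporting; suggest appending them after the Unit 42 links that the README's narrative is drawn from and giving each a short label (publisher and year) so the list can be audited later if a link rots. Also check the trailing `+` blank line before the unchanged `https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig/` against the file's existing blank-line convention so the rendered list does not end up with a doubled gap.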