diff --git a/apts/blacktech/info.md b/apts/blacktech/info.md index 5b97125..3d2eff3 100644 --- a/apts/blacktech/info.md +++ b/apts/blacktech/info.md @@ -126,8 +126,14 @@ mx[.]msdtc.tw ``` +[8] - +TsCookie +``` +app.dynamicrosoft.com +home.mwbsys.org +fc863fbd71e22c99eaa2b1b0eb72d806cedeb536213e600afb03f0fbea9d2bb3 +``` @@ -145,4 +151,5 @@ mx[.]msdtc.tw [3]: https://www.trendmicro.com/en_us/research/19/l/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection.html [5]: https://blogs.jpcert.or.jp/en/2022/09/bigip-exploit.html [6]: https://x.com/ESETresearch/status/1382054011264700416 -[7]: https://cyberandramen.net/2021/02/11/blacktech-updates-elf-plead-backdoor/ \ No newline at end of file +[7]: https://cyberandramen.net/2021/02/11/blacktech-updates-elf-plead-backdoor/ +[8]: https://blogs.jpcert.or.jp/en/2020/03/elf-tscookie.html \ No newline at end of file
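Review bot: The two domains added in the TsCookie block, `app.dynamicrosoft.com` and `home.mwbsys.org`, are not defanged, while the context line just above the hunk writes `mx[.]msdtc.tw`. Suggest `app[.]dynamicrosoft.com` and `home[.]mwbsys.org` so the file uses one convention and the entries are not auto-linked or resolved when copied. The 64-hex-character value on the last line of the block also has no label; a short note of the hash type and which sample it identifies would make it usable without opening reference [8].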
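Review bot: In the reference-list hunk, the new `[8]:` line still ends with "\ No newline at end of file", which is why the unchanged `[7]:` line shows up as removed and re-added. Suggest ending the file with a newline in this change so the next reference appended produces a one-line diff.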