diff --git a/apts/blacktech/info.md b/apts/blacktech/info.md index 4c90812..61d6dca 100644 --- a/apts/blacktech/info.md +++ b/apts/blacktech/info.md @@ -85,13 +85,23 @@ dea5c564c9d961ccf2ed535139fbfca4f1727373504f2972ac92acfaf21da831 BKDR_WATERBEARE ``` -[4] +[4] - some tweet ``` 59.125.119[.]202 apple[.]wikaba[.]com ``` +[5] +``` +139.180.201.6 +108.160.138.235 +108.160.132.108 +naaakkk.wikaba.com +ntstore.hosthampster.com +blog.mysecuritycamera.com +139.162.112.74 +``` @@ -104,4 +114,5 @@ apple[.]wikaba[.]com [1]: https://www.security.com/threat-intelligence/palmerworm-blacktech-espionage-apt [2]: https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html -[3]: https://www.trendmicro.com/en_us/research/19/l/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection.html \ No newline at end of file +[3]: https://www.trendmicro.com/en_us/research/19/l/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection.html +[5]: https://blogs.jpcert.or.jp/en/2022/09/bigip-exploit.html \ No newline at end of file
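Review bot: In the first hunk (`@@ -85,13 +85,23 @@`), the seven indicators added under `[5]` are written live (`139.180.201.6`, `naaakkk.wikaba.com`), while the existing `[4]` block just above them is defanged (`59.125.119[.]202`, `apple[.]wikaba[.]com`). Defang the new entries with the same `[.]` convention so the file stays consistent and nothing is auto-linked or copied raw into a tool by accident. The new block also leaves `139.162.112.74` trailing after the domains; grouping the addresses together would make the list easier to scan. In the same hunk, `[4] - some tweet` is a placeholder: the visible reference lines define `[1]`, `[2]`, `[3]` and `[5]` but no `[4]`, so add the tweet URL as a `[4]:` link definition or name the source in the label.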
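Review bot: In the second hunk (`@@ -104,4 +114,5 @@`), the new last line `[5]: https://blogs.jpcert.or.jp/en/2022/09/bigip-exploit.html` still carries `\ No newline at end of file`. End the file with a newline: the missing one is the only reason the unchanged `[3]:` line shows up as removed and re-added here, and the same noise will recur on the next reference appended.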