Update July.md

Threat Reports/July.md

@@ -6,3 +6,6 @@
 | 8 JULY | Google TAG | The Turla APT group created a fake Android app (APK) designed to look like a DDoS hacktivist tool developed by the Ukrainian Azov Regiment. The APKs we have seen were hosted on a Turla controlled domain with links disseminated through 3rd party messaging services. They were not hosted on the Play Store. | [twitter.com/billyleonard](https://twitter.com/billyleonard/status/1545461166377508865) |
 | 14 JULY | SSSCIP of Ukraine | SSSCIP published its statistics on vulnerability detection and cyber incidents for Q2 2022. Top APT groups includes UAC-0010, UAC-0056, UAC-0028, UAC-0098, UAC-0082/UAC-0113 | [scpc.gov.ua](https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f21/19b0a96e-8c31-44bf-863e-cd3e0b651f21.pdf) |
 | 18 JULY | Malwarebytes | UAC-0056 (AKA UNC2589, TA471, EmberBear, Lorec53) has repeatedly targeted the government entities in Ukraine via phishing campaigns, macro-docs, and Cobalt Strike Beacons | [blog.malwarebytes.com](https://blog.malwarebytes.com/threat-intelligence/2022/07/cobalt-strikes-again-uac-0056-continues-to-target-ukraine-in-its-latest-campaign/) |
+| 19 JULY | Google TAG | Continued cyber activity in Eastern Europe observed by TAG: Turla APKs, Follina vulnerability, Ghostwriter/UNC1151, COLDRIVER | [blog.google](https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/) |
+| 20 JULY | US CYBERCOM | Cyber National Mission Force discloses IOCs from Ukrainian networks | [cybercom.mil](https://www.cybercom.mil/Media/News/Article/3098856/cyber-national-mission-force-discloses-iocs-from-ukrainian-networks/) |
+| 20 JULY | Mandiant | UNC1151 and suspected UNC2589 operations leveraging phishing with malicious documents leading to malware infection chains with themes related to public safety and humanitarian emergencies | [mandiant.com](https://www.mandiant.com/resources/spear-phish-ukrainian-entities) |