Update May.md

Threat Reports/May.md

@@ -17,5 +17,14 @@
 | 11 MAY | ZDnet | Posting a link to a story about the Viasat attack, Elon Musk noted on Twitter: "Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but they're ramping up their efforts." | [zdnet.com](https://www.zdnet.com/article/elon-musk-says-russian-efforts-to-jam-starlink-are-ramping-up/) |
 | 12 MAY | TheRecord | The websites of Italy’s parliament, military and National Health Institute faced disruptions on Thursday by a pro-Russian hacking group previously implicated in a similar cyberattack on the Romanian government | [therecord.media](https://therecord.media/italy-killnet-hacking-military-parliament-national-health-institute/) |
 | 12 MAY | CERT-UA | Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware | [cert.gov.ua](https://cert.gov.ua/article/40240) |
+| 12 MAY | Cisco | Network Footprints of Gamaredon Group | [blogs.cisco.com](https://blogs.cisco.com/security/network-footprints-of-gamaredon-group) |
+| 12 MAY | Blackberry | Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure | [blogs.blackberry.com](https://blogs.blackberry.com/en/2022/05/threat-thursday-malware-rebooted-how-industroyer2-takes-aim-at-ukraine-infrastructure) |
 | 13 MAY | SSSCIP of Ukraine | Invaders use blackmailing and intimidation to force Ukrainian Internet service providers to connect to russian networks | [cip.gov.ua](https://cip.gov.ua/en/news/okupanti-shantazhem-i-pogrozami-zmushuyut-ukrayinskikh-provaideriv-pidklyuchatisya-do-rosiiskikh-merezh) |
 | 14 MAY | CERT-UA | Online fraud using the topic of "monetary assistance within the framework of the UN social program" | [cert.gov.ua](https://cert.gov.ua/article/40263) |
+| 16 MAY | @h2jazi | Gamaredon APT's self-extracting archive files | [twitter.com/h2jazi](https://twitter.com/h2jazi/status/1526309025389871105) |
+| 16 MAY | Malwayrebytes | Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis | [blog.malwarebytes.com](https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/) |
+| 17 MAY | CyberPolice of Ukraine | Cyber police have arrested a fraudster hacking social media accounts who defrauded at least 50 people for more than 200k hryvnias | [cyberpolice.gov.ua](https://cyberpolice.gov.ua/news/kiberpolicziya-vykryla-cholovika-u-shaxrajstvi-zi-zlamom-akauntiv-soczmerezh-7742/) |
+| 18 MAY | SSSCIP of Ukraine | On 9 May 2022, SSSCIP observed a large-scale DDoS attack on the sites of leading Ukrainian telecom operators | [twitter.com/dsszzi](https://twitter.com/dsszzi/status/1526897451206156289) |
+| 19 MAY | Mandiant | The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine | [mandiant.com](https://www.mandiant.com/resources/information-operations-surrounding-ukraine) |
+| 19 MAY | CyberKnow | Overview of KillNet: Pro-Russian Hacktivists | [cyberknow.medium.com](https://cyberknow.medium.com/killnet-pro-russian-hacktivists-e916ac7201a3) |
+| 20 MAY | ESET | Sandworm continues attacks in Ukraine, ESET found an evolution of a malware loader dubbed ArguePatch used during the Industroyer2 attacks. ArguePatch was used to launch CaddyWiper | [twitter.com/esetresearch](https://twitter.com/esetresearch/status/1527531726905409536) |