Proofpoint identifies thousands of malicious email attachments and URLs every day. However, currently only about half of all attack threats are associated with an actor. The aim of this Clinic project is to improve this ratio, by using machine learning and heuristics to provide a proof-of-concept for the systematic association of attacks with actors and identification of new actors.