From 0b7be372ed4563331b3980868edbfdf6bda51309 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 1 Aug 2016 16:31:00 +0200
Subject: [PATCH] Poseidon Group added

---
 elements/adversary-groups.json | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json
index 41f1c3c..fba8c80 100644
--- a/elements/adversary-groups.json
+++ b/elements/adversary-groups.json
@@ -87,7 +87,8 @@
     "Pacifier APT",
     "HummingBad",
     "Dropping Elephant",
-    "Operation Transparent Tribe"
+    "Operation Transparent Tribe",
+    "Poseidon Group"
   ],
   "details": [
     {
@@ -873,6 +874,11 @@
        "description": "Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same.",
        "refs": ["https://attack.mitre.org/wiki/Groups", "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/"],
        "country": "CN"
+     },
+     {
+       "group": "Poseidon Group",
+       "description": "Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm.",
+       "refs": ["https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/","https://attack.mitre.org/wiki/Groups"]
      }
   ]
 }