From 0ddf797234f600909b09815aff93d3bcec66176d Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 20 Dec 2024 02:55:33 -0800
Subject: [PATCH] [threat-actors] Add Operation C-Major aliases

---
 clusters/threat-actor.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 59c0498..6aab960 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3517,7 +3517,9 @@
           "https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html",
           "https://www.secureworks.com/research/threat-profiles/copper-fieldstone",
           "https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html",
-          "https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/"
+          "https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/",
+          "https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/",
+          "https://www.reco.ai/blog/how-apt36-elizarat-redefines-cyber-espionage"
         ],
         "synonyms": [
           "C-Major",
@@ -3529,7 +3531,8 @@
           "TMP.Lapis",
           "Green Havildar",
           "COPPER FIELDSTONE",
-          "Earth Karkaddan"
+          "Earth Karkaddan",
+          "Storm-0156"
         ],
         "targeted-sector": [
           "Activists",