From b54877b6317de9d7638cf7be35f7907b37a4201c Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Mon, 17 Oct 2016 15:03:27 +0200
Subject: [PATCH] additional adversary groups Using as a source https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit
---
 elements/adversary-groups.json | 51 ++++++++++++++++++++++++++--------
 1 file changed, 39 insertions(+), 12 deletions(-)
diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json
index 0eda0e0..32eeb29 100644
--- a/elements/adversary-groups.json
+++ b/elements/adversary-groups.json
@@ -132,7 +132,8 @@
 },
 {
 "synonyms": [
- "C0d0so"
+ "C0d0so",
+ "Sunshop Group"
 ],
 "refs": [
 "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
@@ -211,7 +212,8 @@
 "APT-2",
 "MSUpdater",
 "4HCrew",
- "SULPHUR"
+ "SULPHUR",
+ "TG-6952"
 ]
 },
 {
@@ -275,7 +277,9 @@
 "APT 17",
 "Deputy Dog",
 "Group 8",
- "APT17"
+ "APT17",
+ "Hidden Lynx",
+ "Tailgater Team"
 ]
 },
 {
@@ -435,7 +439,8 @@
 "Vixen Panda",
 "Ke3Chang",
 "GREF",
- "Playful Dragon"
+ "Playful Dragon",
+ "APT 15"
 ]
 },
 {
@@ -456,6 +461,9 @@
 "refs": [
 "https://securelist.com/blog/research/35936/nettraveler-is-running-red-star-apt-attacks-compromise-high-profile-victims/"
 ],
+ "synonyms": [
+ "APT 21"
+ ],
 "country": "CN"
 },
 {
@@ -492,6 +500,9 @@
 },
 {
 "value": "Beijing Group",
+ "synonyms": [
+ "Sneaky Panda"
+ ],
 "country": "CN"
 },
 {
@@ -572,14 +583,20 @@
 "value": "Flying Kitten",
 "synonyms": [
 "SaffronRose",
- "AjaxSecurityTeam"
+ "Saffron Rose",
+ "AjaxSecurityTeam",
+ "Ajax Security Team",
+ "Group 26"
 ],
 "country": "IR"
 },
 {
 "value": "Cutting Kitten",
 "synonyms": [
- "ITSecTeam"
+ "ITSecTeam",
+ "Threat Group 2889",
+ "TG-2889",
+ "Ghambar"
 ],
 "country": "IR"
 },
@@ -587,7 +604,8 @@
 "value": "Charming Kitten",
 "synonyms": [
 "Newscaster",
- "Parastoo"
+ "Parastoo",
+ "Group 83"
 ],
 "country": "IR"
 },
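Review bot: The aliases added across these hunks carry no per-entry source; the only citation is the Google Sheets URL in the commit message, and none of the visible `refs` arrays is extended. In `@@ -132,7 +132,8 @@`, `"Sunshop Group"` is attached to the C0d0so entry while its `refs` still lists only the Proofpoint article, and the same applies to `"Hidden Lynx"` and `"Tailgater Team"` in `@@ -275,7 +277,9 @@` and to the later hunks. Synonym lists are presumably what consumers use to correlate reports, so an unsupported merge mis-attributes activity without any visible error. I would add the vendor report behind each alias to the entry's `refs`, or at minimum the sheet itself: `"https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit"`.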
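Review bot: The `"synonyms"` key added in `@@ -456,6 +461,9 @@` lands in an object whose opening lines are outside the hunk, so it is not visible whether that entry already has a `"synonyms"` array above `"refs"`. If it does, the object now has a duplicate key; parsers disagree on which one wins and most keep the last, which would drop the earlier aliases without an error. The same check applies to `@@ -597,6 +615,9 @@` (`"Group 42"`), whereas `@@ -492,6 +500,9 @@` shows the object from its opening brace and has no such conflict. Where a list already exists, append `"APT 21"` to it rather than adding a second key.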
@@ -597,6 +615,9 @@
 "refs": [
 "http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/"
 ],
+ "synonyms": [
+ "Group 42"
+ ],
 "country": "IR"
 },
 {
@@ -653,7 +674,8 @@
 "Sednit",
 "TsarTeam",
 "TG-4127",
- "Group-4127"
+ "Group-4127",
+ "STRONTIUM"
 ]
 },
 {
@@ -675,7 +697,9 @@
 "OfficeMonkeys",
 "APT29",
 "Cozy Bear",
- "The Dukes"
+ "The Dukes",
+ "Minidionis",
+ "SeaDuke"
 ]
 },
 {
@@ -687,7 +711,8 @@
 "Venomous Bear",
 "Group 88",
 "Waterbug",
- "WRAITH"
+ "WRAITH",
+ "Turla Team"
 ]
 },
 {
@@ -702,7 +727,8 @@
 "Crouching Yeti",
 "Group 24",
 "Havex",
- "CrouchingYeti"
+ "CrouchingYeti",
+ "Koala Team"
 ]
 },
 {
@@ -723,7 +749,8 @@
 "description": "Groups targeting financial organizations or people with significant financial assets.",
 "country": "RU",
 "synonyms": [
- "Carbanak"
+ "Carbanak",
+ "Carbon Spider"
 ]
 },
 {
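Review bot: `"Minidionis"` and `"SeaDuke"` in `@@ -675,7 +697,9 @@` look like malware family names rather than names for the group, yet they join the same `synonyms` list as `"APT29"` and `"Cozy Bear"`. `"Havex"` in the context lines of `@@ -702,7 +727,8 @@` follows the same pattern, so this is existing practice in the file. A consumer that matches reports against `synonyms` will attribute any sighting of the tool to the actor, which overstates confidence when tooling is shared or reused. I would keep `synonyms` to actor names and record tool names in a separate field if the schema has one; the hunk does not show whether it does.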