From 22bf4f951f2cf9ddd6757218689e71f69dc1b567 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 27 Feb 2018 19:32:07 +0100
Subject: [PATCH] fix #161
---
 clusters/threat-actor.json | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 510d44d..f413928 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2276,6 +2276,27 @@
 "https://blog.newskysecurity.com/masuta-satori-creators-second-botnet-weaponizes-a-new-router-exploit-2ddc51cc52a7"
 ]
 }
+ },
+ {
+ "value": "APT37",
+ "description": "APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities",
+ "meta": {
+ "refs": [
+ "https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html",
+ "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf",
+ "http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html",
+ "https://twitter.com/mstoned7/status/966126706107953152"
+ ],
+ "synonyms": [
+ "APT 37",
+ "Group 123",
+ "Starcruft",
+ "Reaper",
+ "Red Eyes",
+ "Ricochet Chollima"
+ ],
+ "country": "KP"
+ }
 }
 ],
 "name": "Threat actor",
@@ -2290,5 +2311,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 33
+ "version": 34
 }
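Review bot: The synonym `"Starcruft"` in the new APT37 entry (first hunk, `meta.synonyms`) looks like a misspelling of the vendor name ScarCruft, and should probably read `"ScarCruft",`. Synonyms are presumably what analysts and tooling match on when correlating reports from different vendors, so a misspelt alias would silently fail to link ScarCruft-labelled reporting to this actor. Before merging, it is also worth checking that none of the listed aliases (`"Group 123"`, `"Reaper"`, `"Red Eyes"`) already exists as a `value` or synonym elsewhere in the cluster, since the rest of the array is outside this hunk and a duplicate would split attribution across two entries. A smaller point: the `description` string ends without a full stop after "healthcare entities".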