From 06553bbec205526ce39ba379c90c2b695b9e8a1d Mon Sep 17 00:00:00 2001
From: Bart <bartblaze@users.noreply.github.com>
Date: Thu, 21 Feb 2019 22:31:14 +0000
Subject: [PATCH] Add more info on Lotus Blossom

Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise.
---
 clusters/threat-actor.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 11b0c0f..7459667 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -801,12 +801,15 @@
         "refs": [
           "https://securelist.com/blog/research/70726/the-spring-dragon-apt/",
           "https://securelist.com/spring-dragon-updated-activity/79067/",
-          "https://www.cfr.org/interactive/cyber-operations/lotus-blossom"
+          "https://www.cfr.org/interactive/cyber-operations/lotus-blossom",
+          "https://unit42.paloaltonetworks.com/operation-lotus-blossom/",
+          "https://www.accenture.com/t00010101T000000Z__w__/gb-en/_acnmedia/PDF-46/Accenture-Security-Elise-Threat-Analysis.pdf"
         ],
         "synonyms": [
           "Spring Dragon",
           "ST Group",
-          "Eslie"
+          "Esile",
+          "DRAGONFISH"
         ]
       },
       "related": [