From 6e08397d5bafc9f9bb8420e97fc7f5aa9fab364a Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 19 Sep 2016 16:15:20 +0200
Subject: [PATCH] More synonyms added

---
 elements/adversary-groups.json | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json
index 6ddfcf5..238590b 100644
--- a/elements/adversary-groups.json
+++ b/elements/adversary-groups.json
@@ -15,6 +15,7 @@
     "Comment Crew",
     "Sofacy",
     "APT 29",
+    "APT30",
     "Turla Group",
     "Energetic Bear",
     "Sandworm",
@@ -244,7 +245,9 @@
         "BeeBus",
         "Group 22",
         "DynCalc",
-        "Crimson Iron"
+        "Crimson Iron",
+        "APT12",
+        "APT 12"
       ]
     },
     {
@@ -292,7 +295,8 @@
         "Group 72",
         "Group72",
         "Tailgater",
-        "Ragebeast"
+        "Ragebeast",
+        "Blackfly"
       ]
     },
     {
@@ -911,6 +915,10 @@
        "synonyms": ["Strider", "Sauron"],
        "description": "ProjectSauron is the name for a top level modular cyber-espionage platform, designed to enable and manage long-term campaigns through stealthy survival mechanisms coupled with multiple exfiltration methods.  Technical details show how attackers learned from other extremely advanced actors in order to avoid repeating their mistakes. As such, all artifacts are customized per given target, reducing their value as indicators of compromise for any other victim.  Usually APT campaigns have a geographical nexus, aimed at extracting information within a specific region or from a given industry. That usually results in several infections in countries within that region, or in the targeted industry around the world. Interestingly, ProjectSauron seems to be dedicated to just a couple of countries, focused on collecting high value intelligence by compromising almost all key entities it could possibly reach within the target area.  The name, ProjectSauron reflects the fact that the code authors refer to ‘Sauron’ in the Lua scripts.",
        "refs": ["https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/"]
+     },
+     {
+       "value": "APT30",
+       "refs": ["https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"]
      }
   ]
 }