From 1f6b606f75c1ce323ab797839885b2b9f0bfa0b6 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Wed, 7 Nov 2018 17:19:50 +0100
Subject: [PATCH 1/2] added APT38 as (FireEye) alias for Lazarus cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus.
---
 clusters/threat-actor.json | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9574a5c..bdc230e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2637,7 +2637,8 @@
 "https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret",
 "https://securelist.com/operation-applejeus/87553/",
 "https://www.cfr.org/interactive/cyber-operations/compromise-cryptocurrency-exchanges-south-korea",
- "https://www.bleepingcomputer.com/news/security/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack/"
+ "https://www.bleepingcomputer.com/news/security/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack/",
+ "https://content.fireeye.com/apt/rpt-apt38"
 ],
 "synonyms": [
 "Operation DarkSeoul",
@@ -2653,7 +2654,8 @@
 "Labyrinth Chollima",
 "Operation Troy",
 "Operation GhostSecret",
- "Operation AppleJeus"
+ "Operation AppleJeus",
+ "APT38"
 ]
 },
 "related": [
@@ -5999,5 +6001,5 @@
 "value": "EvilTraffic"
 }
 ],
- "version": 76
+ "version": 77
 }
From 8f8c69134eb884a892c146dffeb66cfda910ead4 Mon Sep 17 00:00:00 2001
From: Benoit Sevens <8685678+b3n7s@users.noreply.github.com>
Date: Mon, 12 Nov 2018 13:12:14 +0100
Subject: [PATCH 2/2] Update threat-actor.json Add LuckyMouse link
---
 clusters/threat-actor.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bdc230e..d0de391 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
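Review bot: In PATCH 1/2, the second hunk (`@@ -2653,7 +2654,8 @@`) lists `"APT38"` under `synonyms`, which asserts it is the same actor as this entry, while the commit message only says the report's cross-references "suggest the link". Anything that tags or correlates on synonym strings will then fold APT38-labelled events into this cluster, and that is hard to undo if the names are later tracked as separate groups. If the report describes an overlapping or subordinate group rather than a rename, a separate cluster linked through the `"related": [` array that opens at the end of the hunk would keep the attribution reversible. The start of the entry and the contents of `related` are outside the hunk, so it is worth checking whether another entry already carries this name before merging.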
@@ -5433,7 +5433,8 @@
 "http://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states",
 "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage",
 "https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/",
- "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/"
+ "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/",
+ "https://securelist.com/luckymouse-ndisproxy-driver/87914/"
 ],
 "synonyms": [
 "Emissary Panda",