From c08c6af936f9baeba1b811aa1a29ca366871baf2 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 29 May 2018 21:47:04 +0200
Subject: [PATCH] chg: Stalker Panda description added

---
 clusters/threat-actor.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 344ec79..7b9b3d5 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -26,9 +26,13 @@
 },
 {
 "meta": {
- "country": "CN"
+ "country": "CN",
+ "refs": [
+ "https://wikileaks.org/vault7/document/2015-08-20150814-256-CSIR-15005-Stalker-Panda/2015-08-20150814-256-CSIR-15005-Stalker-Panda.pdf"
+ ]
 },
 "value": "Stalker Panda",
+ "description": "The group appears to have close ties to the Chinese National University of Defense and Technology, which is possibly linked to the PLA. Stalker Panda has been observed conducting targeted attacks against Japan, Taiwan, Hong Kong, and the United States. The attacks appear to be centered on political, media, and engineering sectors. The group appears to have been active since around 2010 and they maintain and upgrade their tools regularly.",
 "uuid": "36843742-adf1-427c-a7c0-067d74b4aeaf"
 },
 {
@@ -2688,5 +2692,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 40
+ "version": 41
 }
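Review bot: The added `description` for "Stalker Panda" states time-bound observations in the present tense ("has been observed conducting targeted attacks", "they maintain and upgrade their tools regularly") with nothing to show how old the assessment is. The single entry in `refs` has a path that suggests a report from August 2015. Analysts and tools consuming this cluster see only the description text, so it would help to date it, for example by opening with `"According to a 2015 report, the group appears to have close ties to ..."`. The institution name "Chinese National University of Defense and Technology" is also worth checking against the source; it presumably refers to the National University of Defense Technology (NUDT), and an inexact name makes the entry harder to correlate with other reporting. Because the attribution rests on one reference, a second independent ref, if one exists, would let consumers weigh the `"country": "CN"` claim.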