From 31f3a61d5fed33653f6270e9d1bf82b36cbc708c Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Thu, 5 Dec 2019 15:42:42 +0100
Subject: [PATCH 1/3] add Sofacy ref

---
 clusters/threat-actor.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index df07394..0f2fde5 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2396,7 +2396,8 @@
           "https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/",
           "https://www.washingtonpost.com/technology/2019/02/20/microsoft-says-it-has-found-another-russian-operation-targeting-prominent-think-tanks/?utm_term=.870ff11468ae",
           "https://www.handelsblatt.com/today/politics/election-risks-russia-linked-hackers-target-german-political-foundations/23569188.html?ticket=ST-2696734-GRHgtQukDIEXeSOwksXO-ap1",
-          "https://www.accenture.com/t20190213T141124Z__w__/us-en/_acnmedia/PDF-94/Accenture-SNAKEMACKEREL-Threat-Campaign-Likely-Targeting-NATO-Members-Defense-and-Military-Outlets.pdf"
+          "https://www.accenture.com/t20190213T141124Z__w__/us-en/_acnmedia/PDF-94/Accenture-SNAKEMACKEREL-Threat-Campaign-Likely-Targeting-NATO-Members-Defense-and-Military-Outlets.pdf",
+          "https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/"
         ],
         "synonyms": [
           "APT 28",

From 391b5a674dc216c2b2347088c3b45ab516e1c616 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Wed, 11 Dec 2019 13:50:35 +0100
Subject: [PATCH 2/3] add Axiom synonym

---
 clusters/threat-actor.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0f2fde5..0859ad9 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -673,6 +673,7 @@
         "synonyms": [
           "Winnti Umbrella",
           "Winnti Group",
+          "WinNTI"
           "Tailgater Team",
           "Suckfly",
           "APT41",
@@ -7803,5 +7804,5 @@
       "value": "Calypso group"
     }
   ],
-  "version": 143
+  "version": 144
 }

From 170f964e8c9d8879d3163839f876db5055a9a963 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Wed, 11 Dec 2019 14:22:09 +0100
Subject: [PATCH 3/3] ##COMMA##

---
 clusters/threat-actor.json | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 7bc0a46..2ad84fe 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -673,7 +673,7 @@
         "synonyms": [
           "Winnti Umbrella",
           "Winnti Group",
-          "WinNTI"
+          "WinNTI",
           "Tailgater Team",
           "Suckfly",
           "APT41",
@@ -7828,7 +7828,5 @@
       "value": "APT-C-34"
     }
   ],
-
-  "version": 144
   "version": 146
 }