From f708bb10bc16cd96f0761e01d2d7ff1b66109740 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 1 Jul 2016 09:48:26 +0200
Subject: [PATCH] Pacifier APT added

---
 elements/adversary-groups.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json
index 85109bc..e85a712 100644
--- a/elements/adversary-groups.json
+++ b/elements/adversary-groups.json
@@ -84,7 +84,8 @@
     "Threat Group-2889",
     "Codoso",
     "Nitro",
-    "Stealth Falcon"
+    "Stealth Falcon",
+    "Pacifier APT"
   ],
   "details": [
     {
@@ -827,6 +828,13 @@
        "Operation Daybreak",
        "Operation Erebus"
       ]
+    },
+    {
+      "description": "Bitdefender detected and blocked an ongoing cyber-espionage campaign against Romanian institutions and other foreign targets. The attacks started in 2014, with the latest reported occurrences in May of 2016. The APT, dubbed Pacifier by Bitdefender researchers, makes use of malicious .doc documents and .zip files distributed via spear phishing e-mail.",
+      "group": "Pacifier APT",
+      "refs": [
+        "http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf"
+      ]
     }
   ]
 }