From 1988662ee5d3a142ac186ccfe7ab657b9963c11e Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Fri, 9 Aug 2019 10:24:06 -0400
Subject: [PATCH 1/3] add APT41
---
 clusters/threat-actor.json | 46 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2a2fea4..646d309 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7637,7 +7637,51 @@
 },
 "uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d",
 "value": "TA428"
+ },
+ {
+ "description": "APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control.",
+ "meta": {
+ "cfr-suspected-state-sponsor": "People's Republic of China",
+ "cfr-suspected-victims": [
+ "France",
+ "India",
+ "Italy",
+ "Japan",
+ "Myanmar",
+ "Netherlands",
+ "Singapore",
+ "South Korea",
+ "South Africa",
+ "Switzerland",
+ "Thailand",
+ "Turkey",
+ "United Kingdom",
+ "United States"
+ ],
+ "cfr-target-category": [
+ "Healthcare",
+ "High-tech",
+ "Media",
+ "Pharmaceuticals",
+ "Retail",
+ "Software companies",
+ "Telecoms",
+ "Travel services",
+ "Education",
+ "Video games",
+ "Virtual currencies"
+ ],
+ "country": "CN",
+ "refs": [
+ "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
+ ],
+ "synonyms": [
+ ""
+ ]
+ },
+ "uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6",
+ "value": "APT41"
 }
 ],
- "version": 125
+ "version": 126
 }
From 320e298549f48c9ec9f2d72c387c2e37ded3c7ae Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Fri, 9 Aug 2019 10:45:10 -0400
Subject: [PATCH 2/3] update victims
---
 clusters/threat-actor.json | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 646d309..4daea87 100644
--- a/clusters/threat-actor.json
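Review bot: The new APT41 entry sets `"synonyms": [ "" ]`, an array whose only element is an empty string, so the cluster advertises a blank alias instead of none. Tooling that correlates or tags on synonym values would have to special-case that empty string, and a blank alias can never be a meaningful match. Either omit the `synonyms` key until real aliases are sourced or list them explicitly. The two later patches in this series do not touch that line.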
+++ b/clusters/threat-actor.json
@@ -7659,17 +7659,21 @@
 "United States"
 ],
 "cfr-target-category": [
+ "Automotive",
+ "Business",
+ "Services",
+ "Cryptocurrency",
+ "Education",
+ "Energy",
+ "Financial",
 "Healthcare",
- "High-tech",
- "Media",
+ "High-Tech",
+ "Intergovernmental",
+ "Media and Entertainment",
 "Pharmaceuticals",
 "Retail",
- "Software companies",
- "Telecoms",
- "Travel services",
- "Education",
- "Video games",
- "Virtual currencies"
+ "Telecommunications",
+ "Travel"
 ],
 "country": "CN",
 "refs": [
From df5c9057a15a2a797f3c6b7a0a19e05c1c75741e Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Fri, 9 Aug 2019 17:34:22 -0400
Subject: [PATCH 3/3] add synonyme for Turla
---
 clusters/threat-actor.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4daea87..2ebe022 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2575,7 +2575,8 @@
 "Pacifier APT",
 "Popeye",
 "SIG23",
- "Iron Hunter"
+ "Iron Hunter",
+ "MAKERSMARK"
 ]
 },
 "related": [
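Review bot: In the `cfr-target-category` hunk of patch 2/3, `"Business",` and `"Services",` look like one category, "Business Services", split across two array entries. Every other value in the rewritten list is in alphabetical order, and `"Services"` sits between `"Business"` and `"Cryptocurrency"`. If so, the list should carry `"Business Services",` as a single entry, since two vague sectors would mislead anyone filtering actors by targeted industry. Separately, the subject says "update victims" but the hunk changes only `cfr-target-category`; `cfr-suspected-victims` appears only as context.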