From 4130d7c6fc96a1ce3f49a5cf4965e58efab0faea Mon Sep 17 00:00:00 2001
From: Thomas Dupuy <thom4s.d@gmail.com>
Date: Thu, 13 Aug 2020 12:22:36 -0400
Subject: [PATCH] Update TA APT40

---
 clusters/threat-actor.json | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b141096..c138622 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5769,7 +5769,16 @@
           "United States",
           "Hong Kong",
           "The Philippines",
-          "Asia Pacific Economic Cooperation"
+          "Asia Pacific Economic Cooperation",
+          "Cambodia",
+          "Belgium",
+          "Germany",
+          "Philippines",
+          "Malaysia",
+          "Norway",
+          "Saudi Arabia",
+          "Switzerland",
+          "United Kingdom"
         ],
         "cfr-target-category": [
           "Government",
@@ -5792,7 +5801,9 @@
           "https://intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network",
           "https://intrusiontruth.wordpress.com/2020/01/14/who-is-mr-ding",
           "https://intrusiontruth.wordpress.com/2020/01/15/hainan-xiandun-technology-company-is-apt40",
-          "https://www.secureworks.com/research/threat-profiles/bronze-mohawk"
+          "https://www.secureworks.com/research/threat-profiles/bronze-mohawk",
+          "https://www.mycert.org.my/portal/advisory?id=MA-774.022020",
+          "https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign"
         ],
         "synonyms": [
           "TEMP.Periscope",
@@ -8317,5 +8328,5 @@
       "value": "GALLIUM"
     }
   ],
-  "version": 171
+  "version": 172
 }