From 4efd5a1b74eee21839305235522ea9b06150bbf9 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 2 Mar 2016 08:39:24 +0100
Subject: [PATCH] More descriptions added

---
 elements/adversary-groups.json | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json
index 4078b7a..c05d339 100644
--- a/elements/adversary-groups.json
+++ b/elements/adversary-groups.json
@@ -3,7 +3,7 @@
   "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
   "authors": ["Alexandre Dulaunoy", "Florian Roth", "Thomas Schreck", "Various"],
   "type": "Adversary Groups",
-  "groups"  : ["Comment Crew","Putter Panda","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap","Putter Panda","UPS","IXESHE","APT 16","Aurora Panda","Wekby","Axiom","Shell Crew","Naikon","Lotus Blossom","Hurricane Panda","Emissary Panda","Stone Panda","Nightshade Panda","Hellsing","Night Dragon","Mirage","Anchor Panda","NetTraveler","Ice Fog","HiddenLynx","Beijing Group","Pirate Panda","Radio Panda","Dagger Panda","Samurai Panda","Impersonating Panda","Violin Panda","Toxic Panda","Temper Panda","Flying Kitten","Viking Jackal","Cutting Kitten","Rebel Jackal","Stalker Panda","Berserk Bear","Dizzy Panda","Predator Panda","Pitty Panda","Wet Panda","Union Panda","Wolf Spider","Boulder Bear","Lotus Panda","Shark Spider","Silent Chollima","Viceroy Tiger","Pizzo Spider","Corsair Jackal","Charming Kitten","Deadeye Jackal"],
+  "groups"  : ["Comment Crew","Putter Panda","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap","Putter Panda","UPS","IXESHE","APT 16","Aurora Panda","Wekby","Axiom","Shell Crew","Naikon","Lotus Blossom","Hurricane Panda","Emissary Panda","Stone Panda","Nightshade Panda","Hellsing","Night Dragon","Mirage","Anchor Panda","NetTraveler","Ice Fog","HiddenLynx","Beijing Group","Pirate Panda","Radio Panda","Dagger Panda","Samurai Panda","Impersonating Panda","Violin Panda","Toxic Panda","Temper Panda","Flying Kitten","Viking Jackal","Cutting Kitten","Rebel Jackal","Stalker Panda","Berserk Bear","Dizzy Panda","Predator Panda","Pitty Panda","Wet Panda","Union Panda","Wolf Spider","Boulder Bear","Lotus Panda","Shark Spider","Silent Chollima","Viceroy Tiger","Pizzo Spider","Corsair Jackal","Charming Kitten","Deadeye Jackal","Spicy Panda","Magic Kitten"],
   "details" : [
                         {
                         "group": "Comment Crew",
@@ -29,10 +29,20 @@
                         "country": "CN"
                         },
                         {
+                        "group": "Spicy Panda",
+                        "country": "CN"
+                        },
+                        {
                         "group": "Eloquent Panda",
                         "country": "CN"
                         },
                         {
+                        "group": "Emissary Panda",
+                        "description": "A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.",
+                        "refs": ["http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/"],
+                        "country": "CN"
+                        },
+                        {
                         "group": "Dizzy Panda",
                         "synonyms": ["LadyBoyle"]
                         },
@@ -51,6 +61,7 @@
                         },
                         {
                         "group": "IXESHE",
+                        "description": "A group of China-based attackers, who conducted a number of spear phishing attacks in 2013.",
                         "refs": ["http://www.crowdstrike.com/blog/whois-numbered-panda/"],
                         "country": "CN",
                         "synonyms": ["Numbered Panda", "TG-2754", "BeeBus", "Group 22", "DynCalc", "Crimson Iron"]
@@ -225,6 +236,12 @@
                         "country": "IR"
                         },
                         {
+                        "group": "Magic Kitten",
+                        "description": "An established group of cyber attackers based in Iran, who carried on several campaigns in 2013, including a series of attacks targeting political dissidents and those supporting Iranian political opposition ",
+                        "refs": ["http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/"],
+                        "country": "IR"
+                        },
+                        {
                         "group": "Rebel Jackal",
                         "synonyms": ["FallagaTeam"],
                         "country": "TN"
@@ -254,6 +271,8 @@
                         },
                         {
                         "group": "Energetic Bear",
+                        "description": "A Russian group that collects intelligence on the energy industry.",
+                        "refs": ["http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/"],
                         "country": "RU",
                         "synonyms": ["Dragonfly", "Crouching Yeti", "Group 24", "Havex", "CrouchingYeti"]
                         },