From 55083776a0058ea07a450ee3c943d3c9b117c2a9 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 6 Feb 2024 07:30:05 -0800
Subject: [PATCH] [threat-actors] Add Domestic Kitten aliases

---
 clusters/threat-actor.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2d5a29a..820c620 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7145,8 +7145,16 @@
     {
       "description": "An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information on the device along with surrounding voice recordings. Researchers with CheckPoint discovered the attack and named it Domestic Kitten. The targets are Kurdish and Turkish natives, and ISIS supporters, all Iranian citizens.",
       "meta": {
+        "country": "IR",
         "refs": [
-          "https://www.bleepingcomputer.com/news/security/domestic-kitten-apt-operates-in-silence-since-2016/"
+          "https://www.bleepingcomputer.com/news/security/domestic-kitten-apt-operates-in-silence-since-2016/",
+          "https://www.trendmicro.com/en_us/research/19/f/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east.html",
+          "https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/",
+          "https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/"
+        ],
+        "synonyms": [
+          "Bouncing Golf",
+          "APT-C-50"
         ]
       },
       "uuid": "dda1b28e-c558-11e8-8666-27cf61d1d7ee",