APT32 added

clusters/threat-actor.json

@@ -1521,6 +1521,21 @@
       },
       "value": "Callisto",
       "description": "The Callisto Group  is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions."
+    },
+    {
+      "meta": {
+        "synonyms": [
+          "OceanLotus Group",
+          "Ocean Lotus",
+          "APT-32",
+          "APT 32"
+        ],
+        "refs": [
+          "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html"
+        ]
+      },
+      "value": "APT32",
+      "description": "Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests."
     }
   ],
   "name": "Threat actor",
@@ -1535,5 +1550,5 @@
   ],
   "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
   "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 19
+  "version": 20
 }