From 9f011d69cf16db4a5acbe3facf75c6a6d77a01c0 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 1 Aug 2016 16:41:44 +0200
Subject: [PATCH] Moafee added

---
 elements/adversary-groups.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json
index 0de1143f..7411d6e4 100644
--- a/elements/adversary-groups.json
+++ b/elements/adversary-groups.json
@@ -88,7 +88,8 @@
 "HummingBad",
 "Dropping Elephant",
 "Operation Transparent Tribe",
- "Poseidon Group"
+ "Poseidon Group",
+ "DragonOK"
 ],
 "details": [
 {
@@ -885,7 +886,10 @@
 "group": "DragonOK",
 "description": "Threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. 2223 It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT.",
 "country": "CN",
- "refs": ["https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf", "https://attack.mitre.org/wiki/Groups"]
+ "refs": ["https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf", "https://attack.mitre.org/wiki/Groups"],
+ "synonyms": [
+ "Moafee"
+ ]
 }
 ]
 }
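Review bot: In the first hunk `"DragonOK"` is appended to a name array that is maintained by hand alongside `details` (the array opens outside the hunk), while the matching `details` entry already shows up as context in the second hunk, so the two had drifted apart until this commit. Nothing in the change guards against the next drift; a repository check that every `details[].group` value appears in this array, and the reverse, would catch an entry that a lookup by group name could otherwise miss. The commit title says Moafee is added, yet no `"Moafee"` string goes into this array, so whether that name resolves at all depends on consumers also searching `synonyms`.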
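Review bot: The added `"synonyms": ["Moafee"]` in the second hunk records Moafee as another name for DragonOK, but the `description` of the same entry says DragonOK is only "thought to have a direct or indirect relationship with the threat group Moafee", which describes a separate group. An analyst or tool that correlates reports and alerts through the synonym list would fold the activity of two distinct actors into one attribution. I would drop the `synonyms` block here and give Moafee its own `details` object with `group`, `description` and `refs`, noting the DragonOK overlap in its description. The same `description` context line also carries a stray `2223` before "It is known", which looks like leftover footnote markers from the copied source text and could be cleaned up in the same pass.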