diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index a0031f0a..2a9cf3c4 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -2717,14 +2717,23 @@ "value": "Deadeye Jackal" }, { - "description": "Group targeting Indian Army or related assets in India. Attribution to a Pakistani connection has been made by TrendMicro.", + "description": "Group targeting Indian Army or related assets in India, as well as activists and civil society in Pakistan. Attribution to a Pakistani connection has been made by TrendMicro and others.", "meta": { + "cfr-suspected-state-sponsor": "Pakistan", + "cfr-target-category": [ + "Civil society", + "Military", + "Government" + ], "country": "PK", "refs": [ - "http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf" + "http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf", + "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf", + "https://www.amnesty.org/en/documents/asa33/8366/2018/en/" ], "synonyms": [ - "C-Major" + "C-Major", + "Transparent Tribe" ] }, "uuid": "acbb5cad-ffe7-4b0e-a57a-2dbc916e8905", @@ -2865,16 +2874,6 @@ "uuid": "18d473a5-831b-47a5-97a1-a32156299825", "value": "Dropping Elephant" }, - { - "description": "Proofpoint researchers recently uncovered evidence of an advanced persistent threat (APT) against Indian diplomatic and military resources. Our investigation began with malicious emails sent to Indian embassies in Saudi Arabia and Kazakstan but turned up connections to watering hole sites focused on Indian military personnel and designed to drop a remote access Trojan (RAT) with a variety of data exfiltration functions.", - "meta": { - "refs": [ - "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf" - ] - }, - "uuid": "0b36d80d-5966-4c91-945b-1ac85552aa7b", - "value": "Operation Transparent Tribe" - }, { "description": "Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same.", "meta": {