From c2ea505459b86a11ae17362d358b14a72e90ef47 Mon Sep 17 00:00:00 2001
From: Nex
Date: Mon, 17 Sep 2018 16:11:18 +0200
Subject: [PATCH] Merged Transparent Tribe in C-Major
---
 clusters/threat-actor.json | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a0031f0..2a9cf3c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2717,14 +2717,23 @@
 "value": "Deadeye Jackal"
 },
 {
- "description": "Group targeting Indian Army or related assets in India. Attribution to a Pakistani connection has been made by TrendMicro.",
+ "description": "Group targeting Indian Army or related assets in India, as well as activists and civil society in Pakistan. Attribution to a Pakistani connection has been made by TrendMicro and others.",
 "meta": {
+ "cfr-suspected-state-sponsor": "Pakistan",
+ "cfr-target-category": [
+ "Civil society",
+ "Military",
+ "Government"
+ ],
 "country": "PK",
 "refs": [
- "http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf"
+ "http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf",
+ "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf",
+ "https://www.amnesty.org/en/documents/asa33/8366/2018/en/"
 ],
 "synonyms": [
- "C-Major"
+ "C-Major",
+ "Transparent Tribe"
 ]
 },
 "uuid": "acbb5cad-ffe7-4b0e-a57a-2dbc916e8905",
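Review bot: The merged entry's `synonyms` list gains `"Transparent Tribe"`, but the cluster removed in the second hunk was published under the value `"Operation Transparent Tribe"`, so tags, detections or enrichment lookups keyed on that exact string no longer resolve to any actor. Adding `"Operation Transparent Tribe"` as a third synonym would keep existing references mapped to this entry. The retired UUID `0b36d80d-5966-4c91-945b-1ac85552aa7b` also disappears with no visible pointer to `acbb5cad-ffe7-4b0e-a57a-2dbc916e8905`; whether the project records merged UUIDs elsewhere cannot be seen from this patch. The entry's closing lines, including its `value`, lie outside the hunk.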
@@ -2865,16 +2874,6 @@
 "uuid": "18d473a5-831b-47a5-97a1-a32156299825",
 "value": "Dropping Elephant"
 },
- {
- "description": "Proofpoint researchers recently uncovered evidence of an advanced persistent threat (APT) against Indian diplomatic and military resources. Our investigation began with malicious emails sent to Indian embassies in Saudi Arabia and Kazakstan but turned up connections to watering hole sites focused on Indian military personnel and designed to drop a remote access Trojan (RAT) with a variety of data exfiltration functions.",
- "meta": {
- "refs": [
- "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf"
- ]
- },
- "uuid": "0b36d80d-5966-4c91-945b-1ac85552aa7b",
- "value": "Operation Transparent Tribe"
- },
 {
 "description": "Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same.",
 "meta": {