From d9a64c18ffe2e8890988a630a494696a422c2015 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 4 Nov 2019 09:37:52 +0100
Subject: [PATCH] chg: [threat-actor] threat-actor-classification updated

---
 clusters/threat-actor.json | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 58425cb1..59040c9f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7,7 +7,7 @@
     "Various"
   ],
   "category": "actor",
-  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
+  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.",
   "name": "Threat Actor",
   "source": "MISP Project",
   "type": "threat-actor",
@@ -7758,6 +7758,9 @@
       "meta": {
         "refs": [
           "https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers"
+        ],
+        "threat-actor-classification": [
+          "operation"
         ]
       },
       "uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d",
@@ -7770,12 +7773,12 @@
           "https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/"
         ],
         "threat-actor-classification": [
-          "campaign"
+          "operation"
         ]
       },
       "uuid": "75db4269-924b-4771-8f62-0de600a43634",
       "value": "Operation WizardOpium"
     }
   ],
-  "version": 138
+  "version": 139
 }