From c9e15b0c08f4ec1f0816dccad497e2653250a17c Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Wed, 19 Dec 2018 10:46:58 +0100
Subject: [PATCH 1/2] new name SNAKEMACKEREL for APT28 by Accenture
---
 clusters/threat-actor.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e16c13e6..f18181b0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2101,7 +2101,8 @@
 "https://www.cfr.org/interactive/cyber-operations/apt-28",
 "https://blogs.microsoft.com/on-the-issues/2018/08/20/we-are-taking-new-steps-against-broadening-threats-to-democracy/",
 "https://www.bleepingcomputer.com/news/security/microsoft-disrupts-apt28-hacking-campaign-aimed-at-us-midterm-elections/",
- "https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/"
+ "https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/",
+ "https://www.accenture.com/us-en/blogs/blogs-snakemackerel-delivers-zekapab-malware"
 ],
 "synonyms": [
 "APT 28",
@@ -2110,6 +2111,7 @@
 "PawnStorm",
 "Fancy Bear",
 "Sednit",
+ "SNAKEMACKEREL",
 "TsarTeam",
 "Tsar Team",
 "TG-4127",
From cc22da120035a89ad6b417b299a49df0247b18e6 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Wed, 19 Dec 2018 11:28:44 +0100
Subject: [PATCH 2/2] Microsoft alias for apt29 is YTTRIUM
---
 clusters/threat-actor.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f18181b0..f4d6886c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json 
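Review bot: The new `"SNAKEMACKEREL"` entry in the second hunk carries no provenance — `synonyms` is a flat array of strings, so once merged nothing in the cluster records that this is Accenture's name for the group; the only hint is the Accenture URL added to `refs` in the first hunk, which a consumer cannot correlate with a specific alias. The same gap applies to `"YTTRIUM"` added in the second patch. If the entry's description field (outside the hunk) holds free text, a sentence such as `Accenture tracks this activity as SNAKEMACKEREL` would keep the vendor-to-alias mapping independent of ref ordering. Both hunks are inside one cluster object whose start and end lie outside the diff.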
@@ -2175,7 +2175,8 @@
 "https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf",
 "https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html",
 "https://www.cfr.org/interactive/cyber-operations/dukes",
- "https://pylos.co/2018/11/18/cozybear-in-from-the-cold/"
+ "https://pylos.co/2018/11/18/cozybear-in-from-the-cold/",
+ "https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/"
 ],
 "synonyms": [
 "Dukes",
@@ -2193,7 +2194,8 @@
 "The Dukes",
 "Minidionis",
 "SeaDuke",
- "Hammer Toss"
+ "Hammer Toss",
+ "YTTRIUM"
 ]
 },
 "related": [
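Review bot: The Microsoft reference added in the first hunk has a slug ending in `by-unidentified-attackers`, which suggests the post itself hedges attribution, yet the second hunk uses it to add `"YTTRIUM"` as an unqualified synonym for this cluster. If the post only states that YTTRIUM overlaps with what other vendors call APT29/CozyBear rather than asserting equivalence, that caveat belongs in the entry's description (outside the hunk) so consumers merging on synonyms do not treat the mapping as firmer than its source. Both hunks sit within one cluster object whose start and end are not in the diff.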