From df5301eab526fb3e17f03dae0699c337d575937f Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Tue, 9 Apr 2019 08:38:44 +0200
Subject: [PATCH] adding FireEye's TMP.Lapis / APT36
---
 clusters/threat-actor.json | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b40a7fe7..2aab5fea 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6655,7 +6655,21 @@
 },
 "uuid": "401c30c7-4317-458a-9b0a-379a44d63457",
 "value": "Operation ShadowHammer"
+ },
+ {
+ "description": "FireEye details APT36 as a Pakistani espionage group that supports Pakistani military and diplomatic interests, targeting Indian military and government. Operations have been also observed in the US, Europe, and Central Asia. Uses social engineering emails, multiple open-source, and custom malware tools.",
+ "meta": {
+ "refs": [
+ "https://mkd-cirt.mk/wp-content/uploads/2018/08/20181009_3_1_M-Trends2018-May-2018-compressed.pdf"
+ ],
+ "synonyms": [
+ "APT 36",
+ "TMP.Lapis"
+ ]
+ },
+ "uuid": "80fad97c-df3a-44ea-a127-cf29833b4946",
+ "value": "APT36"
 }
 ],
- "version": 105
+ "version": 106
 }
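Review bot: The new `APT36` object gets a fresh `uuid` and lists only FireEye's names (`APT 36`, `TMP.Lapis`) in `synonyms`, so if the cluster already tracks this group under another vendor's name (APT36 is publicly reported as overlapping with Transparent Tribe), events tagged with either entry will not correlate. The hunk does not show the rest of the array, so the file should be searched before merging; if an entry exists, add the two names to its `synonyms` rather than creating a second object. The single `refs` URL points to a copy of the M-Trends 2018 PDF hosted on mkd-cirt.mk rather than the publisher's own site, so the attribution rests on a third-party mirror that may move or change; a second ref to the vendor's original would keep it verifiable. The description attributes the group to Pakistan but `meta` carries no machine-readable field for that, e.g. `"country": "PK"`, which consumers filtering on meta rather than free text will miss.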