From ed351b4eae13b0820f5f590ad67d101b982ed4a2 Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Wed, 1 May 2019 15:24:59 +0530
Subject: [PATCH 1/5] updated FIN4
---
 clusters/threat-actor.json | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 24c73ed3..dd846acf 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2619,15 +2619,22 @@
 "value": "Berserk Bear"
 },
 {
+ "description": "FIN4 is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013. FIN4 is unique in that they do not infect victims with typical persistent malware, but rather they focus on capturing credentials authorized to access email and other non-public correspondence.",
 "meta": {
 "attribution-confidence": "50",
 "country": "RO",
- "synonyms": [
- "FIN4"
+ "refs": [
+ "https://www.reuters.com/article/2015/06/23/us-hackers-insidertrading-idUSKBN0P31M720150623",
+ "https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html",
+ "https://www2.fireeye.com/rs/fireye/images/rpt-fin4.pdf",
+ "https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html"
+ ],
+ "synonyms": [
+ "Wolf Spider"
 ]
 },
 "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
- "value": "Wolf Spider"
+ "value": "FIN4"
 },
 {
 "description": "First observed activity in December 2013.",
From 3b185d8435582999d3cd3faf79fcbaba6773d066 Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Wed, 1 May 2019 15:40:10 +0530
Subject: [PATCH 2/5] Update threat-actor.json
---
 clusters/threat-actor.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index dd846acf..29dab9cf 100644
--- a/clusters/threat-actor.json
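Review bot: In [PATCH 1/5] the FIN4 entry keeps `"country": "RO"` with `"attribution-confidence": "50"`, but the description added in this hunk says nothing about where the group operates from, so the origin claim has no visible support in the entry itself. Before merging, confirm that at least one of the four added `refs` actually backs the country value; if none does, drop `country` or lower the confidence rather than carry an unsourced attribution in a cluster that analysts pivot on. The enclosing cluster object starts and ends outside the hunk, so other `meta` fields may exist that are not visible here.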
+++ b/clusters/threat-actor.json
@@ -2629,7 +2629,7 @@
 "https://www2.fireeye.com/rs/fireye/images/rpt-fin4.pdf",
 "https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html"
 ],
- "synonyms": [
+ "synonyms": [
 "Wolf Spider"
 ]
 },
From c565f61761be06e360ab133dc2ee2aacdcf1c72e Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Wed, 1 May 2019 15:51:56 +0530
Subject: [PATCH 3/5] Update threat-actor.json
---
 clusters/threat-actor.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 29dab9cf..0ce1a0f7 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8,7 +8,7 @@
 ],
 "category": "actor",
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
- "name": "Threat actor",
+ "name": "Threat actor",226
 "source": "MISP Project",
 "type": "threat-actor",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
@@ -2630,7 +2630,7 @@
 "https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html"
 ],
 "synonyms": [
- "Wolf Spider"
+ "Wolf Spider"
 ]
 },
 "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
From 0afaf814380cc70eb3e7ecf673ec0655bb2ab371 Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Wed, 1 May 2019 15:54:38 +0530
Subject: [PATCH 4/5] Update threat-actor.json
---
 clusters/threat-actor.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0ce1a0f7..e9523328 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
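Review bot: In [PATCH 3/5] the first hunk's added line `"name": "Threat actor",226` leaves a stray `226` after the comma, which makes `clusters/threat-actor.json` invalid JSON, so a strict parser rejects the whole cluster file and not just one entry. The line should stay `"name": "Threat actor",`. The second hunk of this patch and the hunk in [PATCH 2/5] change only whitespace on the `synonyms` lines, so squashing them into the first patch and running a validity check such as `jq . clusters/threat-actor.json` before pushing would keep a broken intermediate commit out of the history that downstream feeds may pull from.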
@@ -8,7 +8,7 @@
 ],
 "category": "actor",
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
- "name": "Threat actor",226
+ "name": "Threat actor",
 "source": "MISP Project",
 "type": "threat-actor",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
From 37da9bebdf3d177e047de48279c8fe50d78346c0 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 1 May 2019 17:41:03 +0200
Subject: [PATCH 5/5] chg: [threat-actor] FIN4 updates
---
 clusters/threat-actor.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e9523328..7e79a6e6 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2630,11 +2630,11 @@
 "https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html"
 ],
 "synonyms": [
- "Wolf Spider"
+ "FIN4"
 ]
 },
 "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
- "value": "FIN4"
+ "value": "Wolf Spider"
 },
 {
 "description": "First observed activity in December 2013.",
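Review bot: In [PATCH 5/5] `value` goes back to `Wolf Spider` with `FIN4` as the only synonym, but the description introduced in [PATCH 1/5] still opens with "FIN4 is a financially-motivated threat group", so the entry describes itself under its alias and nothing in it states that the two names refer to the same group. The description line is outside this hunk, so it may have been adjusted elsewhere; if not, it is worth opening it with the primary name and naming the alias once. The commit message `chg: [threat-actor] FIN4 updates` also does not record why the primary name was restored, presumably because consumers match on `value`; a body line such as `keep "Wolf Spider" as value so existing references stay stable; FIN4 carried as synonym` would save the next contributor from repeating the rename.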