From ed351b4eae13b0820f5f590ad67d101b982ed4a2 Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Wed, 1 May 2019 15:24:59 +0530
Subject: [PATCH] updated FIN4

---
 clusters/threat-actor.json | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 24c73ed..dd846ac 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2619,15 +2619,22 @@
       "value": "Berserk Bear"
     },
     {
+      "description": "FIN4 is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013. FIN4 is unique in that they do not infect victims with typical persistent malware, but rather they focus on capturing credentials authorized to access email and other non-public correspondence.",
       "meta": {
         "attribution-confidence": "50",
         "country": "RO",
-        "synonyms": [
-          "FIN4"
+        "refs": [
+          "https://www.reuters.com/article/2015/06/23/us-hackers-insidertrading-idUSKBN0P31M720150623",
+          "https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html",
+          "https://www2.fireeye.com/rs/fireye/images/rpt-fin4.pdf",
+          "https://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html"
+        ],
+         "synonyms": [
+           "Wolf Spider"
         ]
       },
       "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
-      "value": "Wolf Spider"
+      "value": "FIN4"
     },
     {
       "description": "First observed activity in December 2013.",