From 84adb50f0f6a4a59a6730c195a50a988ec54aae7 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Tue, 7 Aug 2018 13:55:05 +0200
Subject: [PATCH] add RedAlpha campaigns
---
 clusters/threat-actor.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fce56638..2b4c7671 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -3796,6 +3796,17 @@
 "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/"
 ]
 }
+ },
+ {
+ "value": "RedAlpha",
+ "description": "Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we are collectively naming RedAlpha, combine light reconnaissance, selective targeting, and diverse malicious tooling. We discovered this activity as the result of pivoting off of a new malware sample observed targeting the Tibetan community based in India.",
+ "meta": {
+ "refs": [
+ "https://www.recordedfuture.com/redalpha-cyber-campaigns/",
+ "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf"
+ ]
+ },
+ "uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a"
 }
 ],
 "name": "Threat actor",
@@ -3810,5 +3821,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 49
+ "version": 50
 }
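Review bot: The added `description` for "RedAlpha" is the vendor's text in first person ("which we are collectively naming RedAlpha", "We discovered this activity"), so inside this shared cluster it is unclear who "we" is, and "over the past two years" has no date to anchor it. The text also defines RedAlpha as a name for two campaigns, while the cluster's own top-level description (second hunk) warns that adversary groups are regularly confused with their campaigns; an analyst tagging or correlating on this entry should be able to see that distinction in the entry itself. I would rewrite it in third person with the source and year stated, for example `"description": "Name given by Recorded Future's Insikt Group in a 2018 report to two cyberespionage campaigns targeting the Tibetan community, combining light reconnaissance, selective targeting, and diverse malicious tooling."`. The new `meta` object holds only `refs`; if other entries in this file carry attribution or alias fields there, it would be worth adding the ones the two references support.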