From f842694fda3fc4cef4e05037fcad436c23b6fcf1 Mon Sep 17 00:00:00 2001
From: Thomas Dupuy <thom4s.d@gmail.com>
Date: Tue, 2 Mar 2021 14:37:01 -0500
Subject: [PATCH] Update Infy TA.

---
 clusters/threat-actor.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 74ca0d2..34712fe 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -4308,9 +4308,12 @@
         "cfr-type-of-incident": "Espionage",
         "country": "IR",
         "refs": [
+          "https://www.intezer.com/prince-of-persia-the-sands-of-foudre/",
+          "https://www.freebuf.com/articles/network/105726.html",
           "https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf",
           "https://iranthreats.github.io/",
           "http://researchcenter.paloaltonetworks.com/2016/05/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/",
+          "http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/",
           "https://researchcenter.paloaltonetworks.com/2017/08/unit42-prince-persia-ride-lightning-infy-returns-foudre/",
           "https://www.cfr.org/interactive/cyber-operations/prince-persia",
           "https://unit42.paloaltonetworks.com/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/",
@@ -4318,7 +4321,8 @@
         ],
         "synonyms": [
           "Operation Mermaid",
-          "Prince of Persia"
+          "Prince of Persia",
+          "Foudre"
         ]
       },
       "uuid": "1671be1b-c844-48f5-84c8-54ac4fe4d71e",