Here are seven questions that I think will help build out this "family tree". All contributors names will be kept completely confidential.
If you have additional questions that you think should be asked, feel free to suggest them and I'll update this post. Once there's enough information to build out a first iteration of a genealogy, I'll post it in an online Wiki for peer-review.
- To your knowledge, who first discovered this group, and what were the circumstances?
- When did you discover it?
- What name do you use to identify it?
- What distinguishing characteristics do you use to differentiate it from other APT threat actors?
- Which public and private agencies/corporations do you share information about this group with?
- When information is shared about this group, have you noticed a difference in quality of data?
- Do you have a data quality management plan for cyber threat intelligence at your company?
My contact information is here at the bottom of the web page. Just click the "Email" link. Thanks very much for your help.