From 564f27c5cae849973e3b7bd2f3776ed23669dadf Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sat, 18 Jan 2020 17:26:45 +0100
Subject: [PATCH] chg: [threat-actor] format fixed

---
 clusters/threat-actor.json | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 55dc4c5..aee9134 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7874,15 +7874,17 @@
       "value": "SideWinder"
     },
     {
-      "country": "CN",
       "description": "Based on the evidence we have presented Symantec attributed the activity involving theDripion malware to the Budminer advanced threat group. While we have not seen newcampaigns using Taidoor malware since 2014, we believe the Budminer group has changedtactics to avoid detection after being outed publicly in security white papers and blogs over thepast few years.",
-      "meta": [
-        "https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan",
-        "https://app.box.com/s/xqh458fe1url7mgl072hhd0yxqw3x0jm",
-        "https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf"
-      ],
-      "suspected-victims": "Taiwan",
-      "synonyms": "Budminer cyberespionage group",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan",
+          "https://app.box.com/s/xqh458fe1url7mgl072hhd0yxqw3x0jm",
+          "https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf"
+        ],
+        "suspected-victims": "Taiwan",
+        "synonyms": "Budminer cyberespionage group"
+      },
       "uuid": "2eb0dc7a-cef6-4744-92ac-2fe269dacb95",
       "value": "Budminer"
     }