diff --git a/clusters/botnet.json b/clusters/botnet.json
index 4922a88..ac9d202 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1293,7 +1293,6 @@
       "value": "Ripprbot"
     },
     {
-      "Value": "EnemyBot",
       "description": "In mid-March [2022], FortiGuard Labs observed a new DDoS botnet calling itself “Enemybot” and attributing itself to Keksec, a threat group that specializes in cryptomining and DDoS attacks.\n\nThis botnet is mainly derived from Gafgyt’s source code but has been observed to borrow several modules from Mirai’s original source code.\n\nIt uses several methods of obfuscation for its strings to hinder analysis and hide itself from other botnets. Furthermore, it connects to a command-and-control (C2) server that is hidden in the Tor network, making its takedown more complicated.\n\nEnemybot has been seen targeting routers from Seowon Intech, D-Link, and exploits a recently reported iRZ router vulnerability to infect more devices.",
       "meta": {
         "refs": [
@@ -1326,7 +1325,8 @@
           "type": "variant-of"
         }
       ],
-      "uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908"
+      "uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908",
+      "value": "EnemyBot"
     }
   ],
   "version": 26