From f621b40263965b3575b6b97c0af8d28f3903f5b8 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 22 Feb 2019 22:47:25 +0100
Subject: [PATCH] chg: [threat-actor] jq all the things late in the night

---
 clusters/tool.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 793f95f..7dc0272 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7544,14 +7544,14 @@
       "value": "ANEL"
     },
     {
-      "value": "BabyShark",
-      "uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
       "description": "BabyShark is a relatively new malware. The earliest sample we found from open source repositories and our internal data sets was seen in November 2018. The malware is launched by executing the first stage HTA from a remote location, thus it can be delivered via different file types including PE files as well as malicious documents. It exfiltrates system information to C2 server, maintains persistence on the system, and waits for further instruction from the operator.",
       "meta": {
         "refs": [
           "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/"
         ]
-      }
+      },
+      "uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
+      "value": "BabyShark"
     }
   ],
   "version": 110