From 0ad65fbe9fba92f85ec91674af2786d7996ce4ac Mon Sep 17 00:00:00 2001
From: 3c7 <Nils.Kuhnert@posteo.de>
Date: Thu, 28 Apr 2022 09:42:25 +0200
Subject: [PATCH] Forgot to jq all the things

---
 clusters/threat-actor.json | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fc735ba0..c8829930 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9167,22 +9167,22 @@
     },
     {
       "description": "A group targeting UA state organizations using the GraphSteel and GrimPlant malware.",
-      "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
-      "value": "SaintBear",
       "meta": {
-        "synonyms": [
-          "UNC2589",
-          "TA471",
-          "UAC-0056"
-        ],
         "refs": [
           "https://malpedia.caad.fkie.fraunhofer.de/details/win.graphsteel",
           "https://cert.gov.ua/article/38374",
           "https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/",
           "https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/",
           "https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/"
+        ],
+        "synonyms": [
+          "UNC2589",
+          "TA471",
+          "UAC-0056"
         ]
-      }
+      },
+      "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
+      "value": "SaintBear"
     }
   ],
   "version": 219