diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bf0c65b4..89c06111 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1782,6 +1782,40 @@
 "uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
 "value": "Flying Kitten"
 },
+ {
+ "description": "One of the threat actors responsible for the denial of service attacks against U.S in 2012–2013. Three individuals associated with the group—believed to be have been working on behalf of Iran’s Islamic Revolutionary Guard Corps—were indicted by the Justice Department in 2016.",
+ "meta": {
+ "attribution-confidence": "50",
+ "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
+ "cfr-suspected-victims": [
+ "United States",
+ "Bank of America",
+ "US Bancorp",
+ "Fifth Third Bank",
+ "Citigroup",
+ "PNC",
+ "BB&T",
+ "Wells Fargo",
+ "Capital One",
+ "HSBC",
+ "AT&T",
+ "NYSE"
+ ],
+ "cfr-type-of-incident": [
+ "Denial of service"
+ ],
+ "country": "IR",
+ "refs": [
+ "https://www.cfr.org/interactive/cyber-operations/itsecteam",
+ "https://www.justice.gov/usao-sdny/file/835061/download"
+ ],
+ "synonyms": [
+ "ITsecTeam"
+ ]
+ },
+ "uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
+ "value": "Cutting Kitten"
+ },
 {
 "description": "Charming Kitten (aka Parastoo, aka Newscaster) is an group with a suspected nexus to Iran that targets organizations involved in government, defense technology, military, and diplomacy sectors.",
 "meta": {
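Review bot: The added entry is not a pure move of the one removed in the second hunk: it carries `"uuid": "11e17436-6ede-4733-8547-4ce0254ea19e"` and `"value": "Cutting Kitten"`, where the removed entry had `"uuid": "7a3f505b-10e9-4177-a96f-d476b55fd3dd"` and `"value": "CUTTING KITTEN"`. The cluster UUID and value are what stored event tags and `related` links from other clusters point at, so references to the old pair would presumably stop resolving; whether any exist is not visible from this diff. If the intent is only to reposition and re-case the entry, keep the old UUID; if this consolidates onto an identifier that already existed, the commit message should say so, so that consumers can remap detections and attributions tied to the old one. The description is carried over with its typo; `believed to be have been` should read `believed to have been`.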
@@ -9555,40 +9589,6 @@
 "uuid": "091a0b69-74de-44b6-bb12-16b7a8fd078b",
 "value": "ToddyCat"
 },
- {
- "description": "One of the threat actors responsible for the denial of service attacks against U.S in 2012–2013. Three individuals associated with the group—believed to be have been working on behalf of Iran’s Islamic Revolutionary Guard Corps—were indicted by the Justice Department in 2016.",
- "meta": {
- "attribution-confidence": "50",
- "cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
- "cfr-suspected-victims": [
- "United States",
- "Bank of America",
- "US Bancorp",
- "Fifth Third Bank",
- "Citigroup",
- "PNC",
- "BB&T",
- "Wells Fargo",
- "Capital One",
- "HSBC",
- "AT&T",
- "NYSE"
- ],
- "cfr-type-of-incident": [
- "Denial of service"
- ],
- "country": "IR",
- "refs": [
- "https://www.cfr.org/interactive/cyber-operations/itsecteam",
- "https://www.justice.gov/usao-sdny/file/835061/download"
- ],
- "synonyms": [
- "ITsecTeam"
- ]
- },
- "uuid": "7a3f505b-10e9-4177-a96f-d476b55fd3dd",
- "value": "CUTTING KITTEN"
- },
 {
 "description": "Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.",
 "meta": {