From c3061256792b324e271faf988f7ca8e22aba3939 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 18 Dec 2023 14:43:21 +0100
Subject: [PATCH] fix: [threat-actor] fix JSON

---
 clusters/threat-actor.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f9cfe23..e9b6cc9 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13789,13 +13789,15 @@
 {
 "description": "First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STORM-0866/Red Dev 40. Sandman is tracked as a distinct cluster, pending additional conclusive information. A notable characteristic is its use of the LuaDream backdoor. LuaDream is based on the Lua platform, a relatively rare occurrence in the cyberespionage domain, historically associated with APTs considered Western or Western-aligned.",
 "meta": {
+ "attribution-confidence": "50",
+ "cfr-suspected-state-sponsor": "China",
 "cfr-suspected-victims": [
 "Middle East",
 "Southeast Asian",
 "France",
 "Egypt",
 "Sudan",
- "South Sudan"
+ "South Sudan",
 "Libya",
 "Turkey",
 "Saudi Arabia",
@@ -13814,10 +13816,8 @@
 "Government",
 "Telecommunications"
 ],
- "attribution-confidence": "50",
- "country": "CN",
- "cfr-suspected-state-sponsor": "China",
 "cfr-type-of-incident": "Espionage",
+ "country": "CN",
 "references": [
 "https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/",
 "https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/"
@@ -13827,5 +13827,5 @@
 "value": "Sandman APT"
 }
 ],
- "version": 295
+ "version": 296
 }
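Review bot: Nothing in this patch guards against the next missing comma. The `"South Sudan"` line in the first hunk shows that a single slip leaves all of clusters/threat-actor.json unparsable, so every tool that loads the cluster loses the whole threat-actor set, not just this entry. A strict parse run in CI or a pre-commit hook would reject such a commit before merge, for example `jq empty clusters/threat-actor.json` or `python -m json.tool clusters/threat-actor.json > /dev/null`. Whether the repository already runs such a check is not visible from this patch; if it does, it presumably did not gate the commit that introduced the error. The alphabetical key order in the first two hunks looks like formatter output, and if so, running that same formatter in the check would also keep later diffs to this file minimal.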