diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b860894..08733cd 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -257,14 +257,14 @@
           "Tailgater",
           "Ragebeast",
           "Blackfly",
-	  "Lead",
-	  "Wicked Spider"
+          "Lead",
+          "Wicked Spider"
         ],
         "country": "CN",
         "refs": [
           "http://securelist.com/blog/research/57585/winnti-faq-more-than-just-a-game/",
           "http://williamshowalter.com/a-universal-windows-bootkit/",
-	  "https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp"
+          "https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp"
         ]
       },
       "value": "Axiom"
@@ -365,7 +365,7 @@
           "menuPass",
           "happyyongzi",
           "POTASSIUM",
-	  "DustStorm"
+          "DustStorm"
         ],
         "country": "CN"
       },
@@ -1053,7 +1053,7 @@
         ],
         "synonyms": [
           "Skipper",
-	  "Popeye"
+          "Popeye"
         ],
         "country": "RU"
       },
@@ -1281,7 +1281,7 @@
           "Gaza Hackers Team",
           "Operation Molerats",
           "Extreme Jackal",
-	  "Moonlight"
+          "Moonlight"
         ]
       }
     },
@@ -1417,10 +1417,10 @@
         ]
       }
     },
-  {
+    {
       "meta": {
         "country": "CHN",
-	"synonyms": [
+        "synonyms": [
           "Zhenbao"
         ],
         "refs": [
@@ -1430,23 +1430,23 @@
       "value": "Hammer Panda",
       "description": "Hammer Panda is a group of suspected Chinese origin targeting organisations in Russia."
     },
-  {
+    {
       "meta": {
-         "country": "CHN",
-         "refs": [
+        "country": "CHN",
+        "refs": [
           "https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp"
         ]
       },
       "value": "Barium",
       "description": "Barium is one of the groups using Winnti."
     },
- {
+    {
       "meta": {
-         "country": "IRN",
-	 "synonyms": [
+        "country": "IRN",
+        "synonyms": [
           "Operation Mermaid"
         ],
-         "refs": [
+        "refs": [
           "https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf"
         ]
       },
@@ -1455,8 +1455,8 @@
     },
     {
       "meta": {
-         "country": "IRN",
-         "refs": [
+        "country": "IRN",
+        "refs": [
           "https://www.blackhat.com/docs/us-16/materials/us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf"
         ]
       },
@@ -1465,11 +1465,11 @@
     },
     {
       "meta": {
-         "country": "CHN",
-	 "synonyms": [
+        "country": "CHN",
+        "synonyms": [
           "Cloudy Omega"
         ],
-         "refs": [
+        "refs": [
           "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/"
         ]
       },
@@ -1478,8 +1478,8 @@
     },
     {
       "meta": {
-         "country": "UKR",
-         "refs": [
+        "country": "UKR",
+        "refs": [
           "http://www.welivesecurity.com/2016/05/18/groundbait"
         ]
       },