From fa813f0f20fd15dd3d31099b97a6cef4f39ce30b Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Tue, 8 Aug 2017 12:40:35 +0200
Subject: [PATCH] jq~
---
 clusters/tool.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 0d2785d6..9498d3b7 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -2920,7 +2920,7 @@
 "refs": [
 "https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/"
 ]
- },
+ }
 },
 {
 "description": "Like TwoFace, the IntrudingDivisor webshell requires the threat actor to authenticate before issuing commands. To authenticate, the actor must provide two pieces of information, first an integer that is divisible by 5473 and a string whose MD5 hash is “9A26A0E7B88940DAA84FC4D5E6C61AD0”. Upon successful authentication, the webshell has a command handler that uses integers within the request to determine the command to execute - To complete",