From ff793bc221aff4ab70911115b9ea3b18eb7be1e1 Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas <christophe@vandeplas.com>
Date: Fri, 29 Jun 2018 11:17:03 +0200
Subject: [PATCH] threatanalyzer_import - order of category tuned

---
 misp_modules/modules/import_mod/threatanalyzer_import.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misp_modules/modules/import_mod/threatanalyzer_import.py b/misp_modules/modules/import_mod/threatanalyzer_import.py
index 757f849..83d8291 100755
--- a/misp_modules/modules/import_mod/threatanalyzer_import.py
+++ b/misp_modules/modules/import_mod/threatanalyzer_import.py
@@ -69,7 +69,7 @@ def handler(q=False):
                             results.append({
                                 'values': current_sample_filename,
                                 'data': base64.b64encode(file_data).decode(),
-                                'type': 'malware-sample', 'categories': ['Artifacts dropped', 'Payload delivery'], 'to_ids': True, 'comment': ''})
+                                'type': 'malware-sample', 'categories': ['Payload delivery', 'Artifacts dropped'], 'to_ids': True, 'comment': ''})
 
                 if 'Analysis/analysis.json' in zip_file_name:
                     with zf.open(zip_file_name, mode='r', pwd=None) as fp: