diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e80a502d..4ef2ac39 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12452,6 +12452,17 @@
 },
 "uuid": "cdcfd3e1-4e42-4746-b1f1-66d5ce27b4da",
 "value": "HiddenArt"
+ },
+ {
+ "description": "Elastic's security team has published a report on REF5961, a cyber-espionage group they found on the network of a Foreign Affairs Ministry from a member of the Association of Southeast Asian Nations (ASEAN). Elastic says it found the group's tools next to the malware of another cyber-espionage group it tracks as REF2924. REF5961's arsenal includes malware such as EAGERBEE, RUDEBIRD, and DOWNTOWN.",
+ "meta": {
+ "refs": [
+ "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set",
+ "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
+ ]
+ },
+ "uuid": "64234b2e-0c78-466d-8253-0df339f99f5f",
+ "value": "REF5961"
 }
 ],
 "version": 289
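Review bot: The cluster-level `"version": 289` at the end of the hunk is an unchanged context line, so the REF5961 entry is added without incrementing the version. Consumers that compare this number to decide whether to re-import the cluster may never load the new actor, so bump it to `"version": 290` unless another commit in the series already does. The second ref (disclosing-the-bloodalchemy-backdoor) is cited, but the description names only EAGERBEE, RUDEBIRD and DOWNTOWN; mentioning BLOODALCHEMY there would show analysts why the link belongs to this actor. The overlap with REF2924 is recorded only in free text; if a REF2924 cluster exists in this file, a structured `related` entry would make the link queryable for correlation.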