diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4de8e76..48654f4 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13940,6 +13940,16 @@
 },
 "uuid": "7b8845d9-d7f5-4895-9dcc-54da3492bd55",
 "value": "KelvinSecurity"
+ },
+ {
+ "description": "Storm-1113 is a threat actor that acts both as an access broker focused on malware distribution through search advertisements and as an “as-a-service” entity providing malicious installers and landing page frameworks. In Storm-1113 malware distribution campaigns, users are directed to landing pages mimicking well-known software that host installers, often MSI files, that lead to the installation of malicious payloads. Storm-1113 is also the developer of EugenLoader, a commodity malware first observed around November 2022.",
+ "meta": {
+ "refs": [
+ "https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/"
+ ]
+ },
+ "uuid": "993e81e8-63f4-4666-9538-4053a69287ba",
+ "value": "Storm-1113"
 }
 ],
 "version": 296
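Review bot: The cluster's `"version": 296` is an unchanged context line at the end of this hunk, so the Storm-1113 entry is added without bumping the cluster version. If downstream consumers compare that field to decide whether to re-import the cluster (presumably its purpose; confirm against the project's release practice), the new actor may not reach them until a later bump, and changing it to `"version": 297` in the same commit would avoid that. Separately, the description names EugenLoader as this actor's malware, but `meta` carries only `refs`, so the entry has no machine-readable link that analysts could pivot on. If this cluster's schema supports a relationship to a tool or malware entry, it would be worth adding one here.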