diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9b80942..8b56512 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13614,6 +13614,17 @@
       },
       "uuid": "f0bb3d3a-c012-4d12-b621-51192977f190",
       "value": "TunnelSnake"
+    },
+    {
+      "description": "ScamClub is a threat actor involved in malvertising activities since 2018. They target the Mobile Web market segment, particularly on iOS devices, where security software is often lacking. ScamClub utilizes obfuscation techniques and real-time bidding integration with ad exchanges to push malicious JavaScript payloads, leading to forced redirects and various scams such as phishing and gift card scams.",
+      "meta": {
+        "refs": [
+          "https://blog.confiant.com/exploring-scamclub-payloads-via-deobfuscation-using-abstract-syntax-trees-65ef7f412537",
+          "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts"
+        ]
+      },
+      "uuid": "dae45b1c-f957-4242-aa5b-f36b08994bad",
+      "value": "ScamClub"
     }
   ],
   "version": 295