diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 31a073b..5808caa 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12299,6 +12299,17 @@
 },
 "uuid": "2031ae01-e962-4861-a224-0934af6cdd3a",
 "value": "YoroTrooper"
+ },
+ {
+ "description": "Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. Metador’s attack chains are designed to bypass native security solutions while deploying malware platforms directly into memory. SentinelLabs researchers discovered variants of two long-standing Windows malware platforms, and indications of an additional Linux implant.",
+ "meta": {
+ "refs": [
+ "https://www.sentinelone.com/labs/the-mystery-of-metador-unpicking-mafaldas-anti-analysis-techniques/",
+ "https://www.sentinelone.com/labs/the-mystery-of-metador-an-unattributed-threat-hiding-in-telcos-isps-and-universities/"
+ ]
+ },
+ "uuid": "5d22315b-55ef-4d8a-86aa-00ba38057641",
+ "value": "Metador"
 }
 ],
 "version": 289
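Review bot: The trailing context line `"version": 289` is unchanged although the hunk adds a new cluster entry. If downstream consumers compare this field to decide whether to re-import the cluster (presumed, not visible here), the Metador entry may not reach detection and enrichment pipelines until a later bump; consider `"version": 290` in the same commit. The description names two Windows malware platforms and a Linux implant without identifying them, so analysts can pivot only through the two `refs` URLs; a short mention of the platform names in the description would help correlation. The enclosing array and top-level object begin outside this hunk.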