diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 219d4cd..3b0c82d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12403,6 +12403,19 @@
       },
       "uuid": "e1941666-dcde-4f31-8a56-8041ac82bb99",
       "value": "NB65"
+    },
+    {
+      "description": "IndigoZebra is a Chinese state-sponsored actor mentioned for the first time by Kaspersky in its APT Trends report Q2 2017, targeting, at the time of its discovery, former Soviet Republics with multiple malware strains including Meterpreter, Poison Ivy, xDown, and a previously unknown backdoor called “xCaon.”",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-tools/",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-intel-indigozebra-apt-group-targeting-central-asia-active-iocs",
+          "https://securelist.com/apt-trends-report-q2-2017/79332/"
+        ]
+      },
+      "uuid": "79e826b0-b051-4a61-b38c-496021b3afdb",
+      "value": "IndigoZebra"
     }
   ],
   "version": 289