diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fbb23b7..2b4b2c8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14540,6 +14540,21 @@
 },
 "uuid": "0876c327-c82a-45f7-82fa-267c312ceb05",
 "value": "Pink Sandstorm"
+ },
+ {
+ "description": "Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in targeted attacks. Storm-1084 has been linked to destructive actions, including the encryption of on-premise devices and deletion of cloud resources. They have been observed using tools such as Rport, Ligolo, and a customized PowerShell backdoor. The extent of their autonomy or collaboration with other Iranian threat actors is currently unclear.",
+ "meta": {
+ "country": "IR",
+ "refs": [
+ "https://circleid.com/posts/20230824-signs-of-muddywater-developments-found-in-the-dns",
+ "https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/"
+ ],
+ "synonyms": [
+ "DEV-1084"
+ ]
+ },
+ "uuid": "2cc32087-f242-4091-8634-4554635b7a58",
+ "value": "Storm-1084"
 }
 ],
 "version": 298
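Review bot: `"version": 298` appears only as an unchanged context line at the end of the hunk, so the new Storm-1084 entry ships without a version bump. If this file is consumed as a MISP-style galaxy cluster (the layout suggests so), importers typically compare that number to decide whether to reload the file, and existing instances may never pick up the new actor unless the bump lands in a separate commit; I would change the line to `"version": 299`. Separately, the description states that Storm-1084 collaborates with MuddyWater, but the entry carries no `related` element pointing at that cluster's uuid, so the link exists only in prose and tooling that pivots on cluster relations will not connect the two. The MuddyWater uuid is not visible in this hunk, so it would have to be taken from that cluster's own entry rather than guessed.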