diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b021aa5..68e33ad 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13861,6 +13861,17 @@
       },
       "uuid": "0b792fbe-87c2-42c5-8d0d-97c7d47078b5",
       "value": "Solntsepek"
+    },
+    {
+      "description": "UNC4736 is a North Korean threat actor that has been involved in supply chain attacks targeting software chains of 3CX and X_TRADER. They have used malware strains such as TAXHAUL, Coldcat, and VEILEDSIGNAL to compromise Windows and macOS systems. UNC4736 has been linked to financially motivated cybercrime operations, particularly focused on cryptocurrency and fintech-related services. They have also demonstrated infrastructure overlap with other North Korean and APT43 activity.",
+      "meta": {
+        "country": "KP",
+        "refs": [
+          "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
+        ]
+      },
+      "uuid": "afe5526e-e5e4-4b05-bc69-2bfb6785fc7e",
+      "value": "UNC4736"
     }
   ],
   "version": 296