diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 39c195c..5cbfc37 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15351,6 +15351,20 @@
       },
       "uuid": "ffb28c09-16a6-483a-817a-89c89751c9d4",
       "value": "UNC5325"
+    },
+    {
+      "description": "Earth Kapre is an APT group specializing in cyberespionage. They target organizations in various countries through phishing campaigns using malicious attachments to infect machines. Earth Kapre employs techniques like abusing PowerShell, curl, and Program Compatibility Assistant to execute malicious commands and evade detection within targeted networks. The group has been active since at least 2018 and has been linked to multiple incidents involving data theft and espionage.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html"
+        ],
+        "synonyms": [
+          "RedCurl",
+          "Red Wolf"
+        ]
+      },
+      "uuid": "d4004926-bf12-4cfe-b141-563c8ffb304a",
+      "value": "Earth Kapre"
     }
   ],
   "version": 304