diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4fe0513..300d507 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13080,6 +13080,17 @@
       },
       "uuid": "df697450-57e0-496b-982c-a167ed41f023",
       "value": "UNC4191"
+    },
+    {
+      "description": "DragonSpark is a threat actor that has been conducting attacks primarily targeting organizations in East Asia. They utilize the open-source tool SparkRAT, which is a multi-platform and frequently updated remote access Trojan. The threat actor is believed to be Chinese-speaking based on their use of Chinese language support and compromised infrastructure located in China and Taiwan. They employ various techniques to evade detection, including Golang source code interpretation and the use of the China Chopper webshell.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/"
+        ]
+      },
+      "uuid": "a219a78b-7b91-41b1-bf14-91e31e0bb9da",
+      "value": "DragonSpark"
     }
   ],
   "version": 294