diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 3eb6dbf7..5fa42985 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1579,6 +1579,18 @@
           "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf"
         ]
       }
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html",
+	  "https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html",
+          "https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp.pdf",
+	  "http://files.shareholder.com/downloads/AMDA-254Q5F/0x0x938351/665BA6A3-9573-486C-B96F-80FA35759E8C/FEYE_rpt-mtrends-2017_FINAL2.pdf"
+	]
+      },
+      "description": "FIN8 is a financially motivated group targeting the retail, hospitality and entertainment industries. The actor had previously conducted several tailored spearphishing campaigns using the downloader PUNCHBUGGY and POS malware PUNCHTRACK.",
+      "value": "FIN8"
     }
   ],
   "name": "Threat actor",