diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ca920f9..60758f0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12834,6 +12834,17 @@
       },
       "uuid": "e03a7ecb-b8a1-40c5-b5af-638ee6029374",
       "value": "SCARLETEEL"
+    },
+    {
+      "description": "DiceyF is an advanced persistent threat group that has been targeting online casinos and other victims in Southeast Asia for an extended period. They have exhibited overlapping activity with LuckyStar PlugX and Earth Berberoka/GamblingPuppet, as reported by various cybersecurity vendors. While their motivations remain unclear, previous incidents suggest a combination of espionage and intellectual property theft rather than immediate financial gain. DiceyF continuously evolves their codebase and adds encryption capabilities to enhance their stealthy cyberespionage activities.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://securelist.com/diceyf-deploys-gameplayerframework-in-online-casino-development-studio/107723/"
+        ]
+      },
+      "uuid": "46de4091-379f-478c-bb6d-5833e2047f15",
+      "value": "DiceyF"
     }
   ],
   "version": 293