diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 5a8cf09..e1f9d81 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1536,6 +1536,16 @@
       },
       "value": "APT32",
       "description": "Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests."
+    },
+    {
+      "value": "SilverTerrier",
+      "description": "As these tools rise and fall in popularity (and more importantly, as detection rates by antivirus vendors improve), SilverTerrier actors have consistently adopted new malware families and shifted to the latest packing tools available. ",
+      "meta": {
+        "country": "NG",
+        "refs": [
+          "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf"
+        ]
+      }
     }
   ],
   "name": "Threat actor",
@@ -1550,5 +1560,5 @@
   ],
   "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
   "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 20
+  "version": 21
 }