diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e12ad26..ea628be 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8964,6 +8964,23 @@
       },
       "uuid": "a57e5bf5-d7f4-43a1-9c15-8a44cdb95079",
       "value": "TA2541"
+    },
+    {
+      "description": "Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation appears to be to harm Israeli companies by leaking sensitive, stolen data.",
+      "meta": {
+        "country": "IR",
+        "refs": [
+          "https://twitter.com/campuscodi/status/1450455259202166799",
+          "https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/",
+          "https://www.cybereason.com/blog/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations",
+          "https://www.fortinet.com/blog/threat-research/guard-your-drive-from-driveguard"
+        ],
+        "synonyms": [
+          "Moses Staff"
+        ]
+      },
+      "uuid": "d45dd940-b38d-4b2c-9f2f-3e4a0eac841c",
+      "value": "MosesStaff"
     }
   ],
   "version": 213