diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 85fe4e9..c51341d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14499,6 +14499,29 @@
       },
       "uuid": "5ec7a98e-9725-4f87-8a6e-91e2b4ba04ac",
       "value": "Storm-1044"
+    },
+    {
+      "description": "Agonizing Serpens is an Iranian-linked APT group that has been active since 2020. They are known for their destructive wiper and fake-ransomware attacks, primarily targeting Israeli organizations in the education and technology sectors. The group has strong connections to Iran's Ministry of Intelligence and Security and has been observed using various tools and techniques to bypass security measures. They aim to steal sensitive information, including PII and intellectual property, and inflict damage by wiping endpoints.",
+      "meta": {
+        "country": "IR",
+        "refs": [
+          "https://www.oodaloop.com/archive/2024/01/02/critical-infrastructure-remains-the-brass-ring-for-cyber-attackers-in-2024/",
+          "https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/",
+          "https://socprime.com/blog/agonizing-serpens-attack-detection-iran-backed-hackers-target-israeli-tech-firms-and-educational-institutions/",
+          "https://therecord.media/iran-linked-hackers-target-israel-education-tech-sectors",
+          "https://www.enigmasoftware.com/moneybirdransomware-removal/",
+          "https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/"
+        ],
+        "synonyms": [
+          "AMERICIUM",
+          "BlackShadow",
+          "DEV-0022",
+          "Agrius",
+          "Agonizing Serpens"
+        ]
+      },
+      "uuid": "0876c327-c82a-45f7-82fa-267c312ceb05",
+      "value": "Pink Sandstorm"
     }
   ],
   "version": 298