diff --git a/README.md b/README.md
index 8153184..c203427 100644
--- a/README.md
+++ b/README.md
@@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
 [Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
-Category: *actor* - source: *MISP Project* - total: *707* elements
+Category: *actor* - source: *MISP Project* - total: *709* elements
 [[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 74e11bc..83885f5 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16358,6 +16358,26 @@
 },
 "uuid": "745fd45f-9076-4c88-a977-01940bc0d36e",
 "value": "Water Sigbin"
+ },
+ {
+ "description": "Void Banshee is an APT group targeting North America, Europe, and Southeast Asia for information theft and financial gain. They exploit vulnerabilities like CVE-2024-38112 to deliver the Atlantida info-stealer through malicious PDFs disguised as book files. The group uses internet shortcuts with MHTML protocol handlers to access and execute files through disabled Internet Explorer, posing a significant threat to organizations. Void Banshee's TTPs include crafting URL strings to control window sizes in IE and using HTML files to hide malicious downloads from victims.",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html"
+ ]
+ },
+ "uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815",
+ "value": "Void Banshee"
+ },
+ {
+ "description": "CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They target victims to collect and sell credentials, deploy cryptominers, and maintain persistence in compromised environments. CRYSTALRAY uses multiple backdoors to control access and spreads through victim networks using SSH-Snake. The actor also uses tools like Platypus for managing victims and extracting sensitive information from compromised systems.",
+ "meta": {
+ "refs": [
+ "https://sysdig.com/blog/crystalray-rising-threat-actor-exploiting-oss-tools/"
+ ]
+ },
+ "uuid": "feeab818-a9bd-4bff-9923-bf8421abd6c5",
+ "value": "CRYSTALRAY"
 }
 ],
 "version": 312
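Review bot: The trailing `"version": 312` line is unchanged context in this hunk even though two clusters are added, and MISP instances decide whether to re-import a galaxy by comparing that version, so consumers already on 312 will not pick up Void Banshee or CRYSTALRAY unless the number is bumped somewhere outside this hunk; the README in the same commit does update the element count from 707 to 709, so the bump looks simply forgotten — change it to `"version": 313`. Both new entries also carry only `refs` under `meta`, while the README text in this diff points to `threat-actor-classification` as the way to state whether an entry is a group, operation or campaign; if the maintainers' convention is to set it for new actors, adding it here would keep the two entries consistent with that guidance. The descriptions name tooling such as Atlantida, SSH-Snake and Platypus, so if matching tool clusters exist a `related` link would make those associations machine-readable rather than prose-only; I cannot confirm from this hunk that such clusters exist.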