add Hagga threat actor

2024-11-22 14:57:18 +00:00 · 2023-05-22 15:44:18 +02:00 · 2023-05-22 15:44:18 +02:00 · 18ee466ae4
commit 18ee466ae4
parent 9c9561bce8
2 changed files with 29 additions and 2 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -11337,7 +11337,27 @@
      },
      "uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
      "value": "APT43"
+    },
+    {
+      "description": "Hagga is believed to have been using Agent Tesla, 2021’s sixth most prevalent malware, to steal sensitive information from his victims since the latter part of 2021.",
+      "meta": {
+        "refs": [
+          "https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor",
+          "https://otx.alienvault.com/pulse/62cfe4ef3415be5f83be81d1"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "uuid": "1e318d85-79c7-4988-83b7-ff86a974786c",
+      "value": "Hagga"
    }
  ],
-  "version": 273
+  "version": 274
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -6308,6 +6308,13 @@
            "estimative-language:likelihood-probability=\"likely\""
          ],
          "type": "similar"
+        },
+        {
+          "dest-uuid": "1e318d85-79c7-4988-83b7-ff86a974786c",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "used-by"
        }
      ],
      "uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
@ -10596,5 +10603,5 @@
      "value": "VENOMBITE"
    }
  ],
-  "version": 167
+  "version": 168
 }