diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 871d273..6108c76 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -11337,7 +11337,27 @@
 },
 "uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
 "value": "APT43"
+ },
+ {
+ "description": "Hagga is believed to have been using Agent Tesla, 2021’s sixth most prevalent malware, to steal sensitive information from his victims since the latter part of 2021.",
+ "meta": {
+ "refs": [
+ "https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor",
+ "https://otx.alienvault.com/pulse/62cfe4ef3415be5f83be81d1"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "uses"
+ }
+ ],
+ "uuid": "1e318d85-79c7-4988-83b7-ff86a974786c",
+ "value": "Hagga"
 }
 ],
- "version": 273
+ "version": 274
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 5e4a5bb..9c366a9 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -6308,6 +6308,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "1e318d85-79c7-4988-83b7-ff86a974786c",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "used-by"
 }
 ],
 "uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
@@ -10596,5 +10603,5 @@
 "value": "VENOMBITE"
 }
 ],
- "version": 167
+ "version": 168
 }
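Review bot: The new "Hagga" entry in clusters/threat-actor.json has no `synonyms` under `meta`, and public reporting appears to track the same actor under the name Aggah, so it is worth confirming the cluster holds no existing entry under that name before a second UUID is minted; duplicate actor entries split correlation across events and feeds. If none exists, I would add `"synonyms": ["Aggah"]` next to `refs`, with the alias checked against the two listed references first. The `description` only states which malware the actor uses and cites an unsourced "sixth most prevalent" ranking; one sentence on who the actor is and what it targets would let the entry stand on its own. The `uses` relation points at `f8cd62cb-b9d3-4352-8f46-0961cfde104c`, whose `value` lies outside the visible hunks of clusters/tool.json, so please confirm that UUID is the Agent Tesla entry the description names.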