From 18ee466ae4db6331c2352acedc59b7c9b4c1272c Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Mon, 22 May 2023 15:44:18 +0200
Subject: [PATCH] add Hagga threat actor
---
 clusters/threat-actor.json | 22 +++++++++++++++++++++-
 clusters/tool.json | 9 ++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 871d273c..6108c760 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -11337,7 +11337,27 @@
 },
 "uuid": "aac49b4e-74e9-49fa-84f9-e340cf8bafbc",
 "value": "APT43"
+ },
+ {
+ "description": "Hagga is believed to have been using Agent Tesla, 2021’s sixth most prevalent malware, to steal sensitive information from his victims since the latter part of 2021.",
+ "meta": {
+ "refs": [
+ "https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor",
+ "https://otx.alienvault.com/pulse/62cfe4ef3415be5f83be81d1"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "uses"
+ }
+ ],
+ "uuid": "1e318d85-79c7-4988-83b7-ff86a974786c",
+ "value": "Hagga"
 }
 ],
- "version": 273
+ "version": 274
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 5e4a5bb8..9c366a95 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -6308,6 +6308,13 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
+ },
+ {
+ "dest-uuid": "1e318d85-79c7-4988-83b7-ff86a974786c",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "used-by"
 }
 ],
 "uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
@@ -10596,5 +10603,5 @@
 "value": "VENOMBITE"
 }
 ],
- "version": 167
+ "version": 168
 }
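Review bot: The new Hagga cluster in clusters/threat-actor.json carries no `meta.synonyms`, and this actor is, as far as I know, reported elsewhere under the spelling Aggah, so consumers matching on that name will miss the entry and the file may end up with two clusters for one actor. Before merging, search clusters/threat-actor.json for an existing Aggah entry; if none exists, add `"synonyms": ["Aggah"]` inside `meta`. The `description` also says more about Agent Tesla's prevalence than about the actor; a sentence summarising what the two refs attribute to Hagga would make the entry usable for triage without opening the links.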
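Review bot: The `used-by` relation in clusters/tool.json lands on the cluster with uuid `f8cd62cb-b9d3-4352-8f46-0961cfde104c`, but that cluster's `value` lies outside the hunk, so the diff alone does not show that it is the Agent Tesla entry the Hagga description names. Confirm that the uuid resolves to Agent Tesla in clusters/tool.json. A wrong target would attach the actor to an unrelated tool in both directions, since the `uses` relation added in clusters/threat-actor.json points at the same uuid.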