diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8d07f43..f5f91fb 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8462,7 +8462,10 @@
           "https://github.com/cert-lv/exchange_webshell_detection",
           "https://www.crowdstrike.com/blog/falcon-complete-stops-microsoft-exchange-server-zero-day-exploits",
           "https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021",
-          "https://pastebin.com/J4L3r2RS"
+          "https://pastebin.com/J4L3r2RS",
+          "https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers",
+          "https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Execution/exchange-iis-worker-dropping-webshell.md",
+          "https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server"
         ]
       },
       "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",