From 7b242555dfbd0ee23ebfb91d93c295696bd19c1b Mon Sep 17 00:00:00 2001
From: Rony <rony_123@protonmail.ch>
Date: Sat, 6 Mar 2021 13:28:14 +0530
Subject: [PATCH] More references

From
Crowdstrike
MSRC
and kql hunting query from James Quinn
---
 clusters/threat-actor.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1b198a7..8d07f43 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8459,7 +8459,10 @@
           "https://us-cert.cisa.gov/ncas/alerts/aa21-062a",
           "https://discuss.elastic.co/t/detection-and-response-for-hafnium-activity/266289",
           "https://github.com/microsoft/CSS-Exchange/tree/main/Security",
-          "https://github.com/cert-lv/exchange_webshell_detection"
+          "https://github.com/cert-lv/exchange_webshell_detection",
+          "https://www.crowdstrike.com/blog/falcon-complete-stops-microsoft-exchange-server-zero-day-exploits",
+          "https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021",
+          "https://pastebin.com/J4L3r2RS"
         ]
       },
       "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",