From 7b242555dfbd0ee23ebfb91d93c295696bd19c1b Mon Sep 17 00:00:00 2001
From: Rony
Date: Sat, 6 Mar 2021 13:28:14 +0530
Subject: [PATCH] More references From Crowdstrike MSRC and kql hunting query from James Quinn
---
 clusters/threat-actor.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1b198a7..8d07f43 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8459,7 +8459,10 @@
 "https://us-cert.cisa.gov/ncas/alerts/aa21-062a",
 "https://discuss.elastic.co/t/detection-and-response-for-hafnium-activity/266289",
 "https://github.com/microsoft/CSS-Exchange/tree/main/Security",
- "https://github.com/cert-lv/exchange_webshell_detection"
+ "https://github.com/cert-lv/exchange_webshell_detection",
+ "https://www.crowdstrike.com/blog/falcon-complete-stops-microsoft-exchange-server-zero-day-exploits",
+ "https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021",
+ "https://pastebin.com/J4L3r2RS"
 ]
 },
 "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
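Review bot: The last added reference, `"https://pastebin.com/J4L3r2RS"`, points at a paste whose author and content cannot be verified from the URL, and which its owner can edit or delete at any time. The commit message attributes it to a KQL hunting query by James Quinn, but nothing in the entry records that attribution. Because hunting queries taken from a reference list tend to be run as-is, I would replace it with a stable, attributed location such as the author's own post or a repository permalink, e.g. `"<PERMANENT_ATTRIBUTED_URL_FOR_THE_KQL_QUERY>"` (placeholder), or leave it out until one exists. The enclosing cluster entry starts above the hunk, so which actor this array belongs to can only be inferred from the neighbouring links.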