From d9b299aafcefa6b3cb45f4961a9c0473c3363d97 Mon Sep 17 00:00:00 2001 From: Rony Date: Fri, 5 Mar 2021 11:42:04 +0530 Subject: [PATCH] add more HAFNIUM references --- clusters/threat-actor.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index e2bf2a7..ebef9fb 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -8454,7 +8454,10 @@ "https://www.splunk.com/en_us/blog/security/detecting-hafnium-exchange-server-zero-day-activity-in-splunk.html", "https://www.reddit.com/r/msp/comments/lwmo5c/mass_exploitation_of_onprem_exchange_servers", "https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day", - "https://twitter.com/ESETresearch/status/1366862946488451088" + "https://twitter.com/ESETresearch/status/1366862946488451088", + "https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html, + "https://us-cert.cisa.gov/ncas/alerts/aa21-062a", + "https://discuss.elastic.co/t/detection-and-response-for-hafnium-activity/266289" ] }, "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",