PULSE NAME
Fake CrowdStrike repair manual containing malicious macros | Fake Crowdstrike Domains
WHITE CyberMike 2024-07-23 Modified: 2024-08-22
76 IOCs (HIGH VOLUME)
Following the recent CrowdStrike outage, this pulse lists the IoCs of fake domains pretending to be CrowdStrike support, as well as recent phishing attempts indicating that actors are using fake help guides that contain malicious macros.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Remcos Linux Daolpu Understand Info
Indicators of Compromise (5 / 76 total)