PULSE NAME
Fake CrowdStrike repair manual containing malicious macros | Fake Crowdstrike Domains
WHITE CyberMike 2024-07-23 Modified: 2024-08-22
76 IOCs (HIGH VOLUME)
In recent events regarding the CrowdStrike outage, this pulse has been created to list the IoCs of fake domains pretending to be CrowdStrike support as well as recent phishing attempts that indicate actors are using fake help guides that contain malicious macros.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Remcos Linux Daolpu Understand Info
Indicators of Compromise (4 / 76 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 1ba68f4e998ee1e405dac983084e7ef5b2d08664 SHA1 of 4ad9845e691dd415420e0c253ba452772495c0b971f48294b54631e79a22644a 2024-07-23
FileHash-SHA1 499f8881f4927e7b4a1a0448f62c60741ea6d44b SHA1 of 803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61 2024-07-23
FileHash-SHA1 4ca0ecbbb4048e52e409f6f09562761dcc22d05f SHA1 of 3a9323a939fbecbc6d0ceb5c1e1f3ebde91e9f186b46fdf3ba1aee03d1d41cd8 2024-07-23
FileHash-SHA1 53d1c13de6e049a5b41fd3b6e5876060f73d28eb SHA1 of 5eaf0f1c1d23f4372e24eb15ee969552c416a38dbc45e4f2b4af283e3bfb8721 2024-07-23