← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Fake CrowdStrike repair manual containing malicious macros | Fake Crowdstrike Domains
WHITE CyberMike 2024-07-23 Modified: 2024-08-22
76
IOCs
HIGH VOLUME
In recent events regarding the Crowdstrike outage, this pulse has been created to list the IoCs of fake domains pretending to be Crowdstrike support as well as recent phishing attempts that indicate actors are using fake help guides that contain malicous macros
crowdstrikewindowsdaolpuchromeedgefirefoxfalcon updatefridayrecovery toolcc ccnexthijackloaderremcoslinuxpolicyinternet sitethe internetsiteorganizationinternetpersonal datacookie policysocradarcookie usagedateunderstand infojulysha256 hashword documentfalcon logscaleiocsdaolpu sha256falcon sensoranalysis luredocumentmozilla
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Remcos Linux Daolpu Understand Info
Indicators of Compromise (1 / 76 total)
All FileHash-MD5 FileHash-SHA256 URL domain email hostname FileHash-SHA1 YARA
TYPEINDICATORDESCRIPTIONCREATED
URL http://hoo.be/crowdstrike 2024-07-23
References (3)
↗ https://www.bleepingcomputer.com/news/security/fake-crowdstrike-repair-manual-pushes-new-daolpu-infostealer-malware/ ↗ https://socradar.io/suspicious-domains-exploiting-the-recent-crowdstrike-outage/ ↗ https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer/