{ "type": "Domain", "indicator": "crowdstrikebsod.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/crowdstrikebsod.com", "alexa": "http://www.alexa.com/siteinfo/crowdstrikebsod.com", "indicator": "crowdstrikebsod.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3924556867, "indicator": "crowdstrikebsod.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "669e1536769b8ca23684cd60", "name": "Hackers Exploits CrowdStrike Issues to Attack Windows System With RemCos Malware", "description": "Security firm CrowdStrike has reported that hackers have exploited a content update for its Falcon sensor to attack Windows operating systems with RemCos malware from July 20, 2024. the first such attack in the world.", "modified": "2024-08-21T08:01:05.957000", "created": "2024-07-22T08:15:50.072000", "tags": [ "crowdstrike", "windows", "latam", "zip archive", "falcon", "hijackloader", "remcos payload", "july", "falcon sensor", "remcos", "phishing" ], "references": [ "https://cybersecuritynews.com/threat-actor-exploits-crowdstrike-falcon-sensor-issues/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HijackLoader", "display_name": "HijackLoader", "target": null }, { "id": "RemCos", "display_name": "RemCos", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 5, "domain": 23, "hostname": 6 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "648 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66aba1d4ed0cf81e939c043e", "name": "CrowdStrike_Phishing_08012024", "description": "", "modified": "2024-08-01T14:55:16.771000", "created": "2024-08-01T14:55:16.771000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 553, "hostname": 2077, "URL": 1 }, "indicator_count": 2631, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "667 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66a74f47a7874eb025af53b8", "name": "Falcon Sensor Issue Likely Used to Target CrowdStrike Customers", "description": "Security firm CrowdStrike Intelligence has identified domains that impersonate its brand and may be used to target its customers in the 2024 Windows \u201cApocalypse\u201d cyber-attack event, which takes place on 19 July 2024.", "modified": "2024-07-29T08:13:59.210000", "created": "2024-07-29T08:13:59.210000", "tags": [ "july", "crowdstrike", "figure", "falcon content", "update", "windows hosts", "windows", "logscale query", "george kurtz", "falcon" ], "references": [ "https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "hostname": 4 }, "indicator_count": 25, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "671 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669e2c69d92e9ddf3364a8ac", "name": "Crowdstrike Phishing Domains - JustPaste.it", "description": "Crowdstrike Phishing Domains are being found actively in the wild \nSome of the domains targeted by hackers were registered 2-3 days back.", "modified": "2024-07-22T09:54:49.171000", "created": "2024-07-22T09:54:49.171000", "tags": [ "domains", "crowdstrike", "follow", "osint", "privacy", "blog", "phishing" ], "references": [ "https://justpaste.it/du8fx", "https://x.com/RakeshKrish12/status/1815323217906847980" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Bheeshmar", "id": "55168", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_55168/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 103, "hostname": 6 }, "indicator_count": 109, "is_author": false, "is_subscribing": null, "subscriber_count": 84, "modified_text": "678 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669e15708ac31774edd1a1c0", "name": "Alert! Hackers Exploiting CrowdStrike Issue in Cyber Attacks", "description": "Hackers are exploiting a technical issue in CrowdStrike\u2019s Windows systems to launch new attacks, according to the security firm's research and development (CrowdStrike) and research group, Crowdstrike Intelligence.", "modified": "2024-07-22T08:16:48.217000", "created": "2024-07-22T08:16:48.217000", "tags": [ "crowdstrike", "windows", "july", "business", "from spoofing", "phishing", "free", "intelligence", "follow official", "remain" ], "references": [ "https://cybersecuritynews.com/hackers-exploiting-crowdstrike/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 23, "hostname": 6 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "678 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://justpaste.it/du8fx", "https://x.com/RakeshKrish12/status/1815323217906847980", "https://cybersecuritynews.com/threat-actor-exploits-crowdstrike-falcon-sensor-issues/", "https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/", "https://cybersecuritynews.com/hackers-exploiting-crowdstrike/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Hijackloader", "Remcos" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "669e1536769b8ca23684cd60", "name": "Hackers Exploits CrowdStrike Issues to Attack Windows System With RemCos Malware", "description": "Security firm CrowdStrike has reported that hackers have exploited a content update for its Falcon sensor to attack Windows operating systems with RemCos malware from July 20, 2024. the first such attack in the world.", "modified": "2024-08-21T08:01:05.957000", "created": "2024-07-22T08:15:50.072000", "tags": [ "crowdstrike", "windows", "latam", "zip archive", "falcon", "hijackloader", "remcos payload", "july", "falcon sensor", "remcos", "phishing" ], "references": [ "https://cybersecuritynews.com/threat-actor-exploits-crowdstrike-falcon-sensor-issues/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HijackLoader", "display_name": "HijackLoader", "target": null }, { "id": "RemCos", "display_name": "RemCos", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 5, "domain": 23, "hostname": 6 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "648 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66aba1d4ed0cf81e939c043e", "name": "CrowdStrike_Phishing_08012024", "description": "", "modified": "2024-08-01T14:55:16.771000", "created": "2024-08-01T14:55:16.771000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 553, "hostname": 2077, "URL": 1 }, "indicator_count": 2631, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "667 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66a74f47a7874eb025af53b8", "name": "Falcon Sensor Issue Likely Used to Target CrowdStrike Customers", "description": "Security firm CrowdStrike Intelligence has identified domains that impersonate its brand and may be used to target its customers in the 2024 Windows \u201cApocalypse\u201d cyber-attack event, which takes place on 19 July 2024.", "modified": "2024-07-29T08:13:59.210000", "created": "2024-07-29T08:13:59.210000", "tags": [ "july", "crowdstrike", "figure", "falcon content", "update", "windows hosts", "windows", "logscale query", "george kurtz", "falcon" ], "references": [ "https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "hostname": 4 }, "indicator_count": 25, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "671 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669e2c69d92e9ddf3364a8ac", "name": "Crowdstrike Phishing Domains - JustPaste.it", "description": "Crowdstrike Phishing Domains are being found actively in the wild \nSome of the domains targeted by hackers were registered 2-3 days back.", "modified": "2024-07-22T09:54:49.171000", "created": "2024-07-22T09:54:49.171000", "tags": [ "domains", "crowdstrike", "follow", "osint", "privacy", "blog", "phishing" ], "references": [ "https://justpaste.it/du8fx", "https://x.com/RakeshKrish12/status/1815323217906847980" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Bheeshmar", "id": "55168", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_55168/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 103, "hostname": 6 }, "indicator_count": 109, "is_author": false, "is_subscribing": null, "subscriber_count": 84, "modified_text": "678 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669e15708ac31774edd1a1c0", "name": "Alert! Hackers Exploiting CrowdStrike Issue in Cyber Attacks", "description": "Hackers are exploiting a technical issue in CrowdStrike\u2019s Windows systems to launch new attacks, according to the security firm's research and development (CrowdStrike) and research group, Crowdstrike Intelligence.", "modified": "2024-07-22T08:16:48.217000", "created": "2024-07-22T08:16:48.217000", "tags": [ "crowdstrike", "windows", "july", "business", "from spoofing", "phishing", "free", "intelligence", "follow official", "remain" ], "references": [ "https://cybersecuritynews.com/hackers-exploiting-crowdstrike/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 23, "hostname": 6 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "678 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "crowdstrikebsod.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "crowdstrikebsod.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780226207.6474278 }