Today > | 7 High | 28 Medium | 8 Low vulnerabilities   -   You can now download lists of IOCs here!

Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity

July 31, 2024, 10:59 a.m.

Description

On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic installer impersonating CrowdStrike's Crash Reporter through a website targeting a German entity. The site utilized JavaScript obfuscation to deliver the malicious installer, which contained CrowdStrike branding, German localization, and a password requirement. The actor employed anti-forensic techniques like subdomain registration and timestomping, indicating targeted, operational security-conscious behavior.

Date

Published: July 31, 2024, 10:47 a.m.

Created: July 31, 2024, 10:47 a.m.

Modified: July 31, 2024, 10:59 a.m.

Indicators

a7516a15e1857996373191795c79244c8f5c8deb1f17ba5dbadeac28e18ec1c7

99bb0f05fd135218a5c4b8cac42e58274086b543d001d7227c8f6a2b7722f425

80304da1e333ed581378797ad8b0b8d81a8ac5928b83423702f0de30f1616225

82ef869e8f7accde731f8c289f19436347a30af1d53c8f61bde5bac8bc91ad1a

41143b2e4bbb9279ba0bbb375748530cc4887cc965967e5c0cc9a39dc44937d6

Attack Patterns

T1566.002

T1204.002

T1566.001

T1036

T1140

Additional Informations

Germany