Likely eCrime Actor Capitalizing on Falcon Sensor Issues

· Published 29/07/2024 12:16 · Modified 29/07/2024 12:34

Essential information

Tags
2024-07-29 falcon hijackloader latam phishing remcos
Related entities
14 observables, 7 techniques (mitre), 2 malware

Description

A cybercrime group has leveraged a content update issue with the CrowdStrike sensor to distribute malicious files to Latin American customers. The campaign uses a ZIP archive named 'crowdstrike-hotfix.zip' that contains a payload which loads malware. The filenames and instructions are in Spanish, indicating that the campaign specifically targets CrowdStrike clients in that region.

External references