{
  "name": "Likely eCrime Actor Capitalizing on Falcon Sensor Issues",
  "slug": "likely-ecrime-actor-capitalizing-on-falcon-sensor-issues",
  "description": "A cybercrime group has leveraged a content update issue with the CrowdStrike Falcon sensor to distribute malicious files targeting Latin American customers. The campaign involves a ZIP archive named 'crowdstrike-hotfix.zip' containing a HijackLoader payload that loads Remcos malware. The campaign uses Spanish filenames and instructions, indicating that it specifically targets CrowdStrike customers in that region.",
  "published": "2024-07-29T10:16:12+00:00",
  "created_at": "2024-07-29T10:16:12+00:00",
  "modified_at": "2024-07-29T10:34:31+00:00",
  "created_at_opencti": "2024-07-29T10:16:12+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-29",
    "falcon",
    "hijackloader",
    "latam",
    "phishing",
    "remcos"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "213.5.130.58"
      },
      {
        "id": "",
        "name": "d6d5ff8e9dc6d2b195a6715280c2f1ba471048a7ce68d256040672b801fda0ea"
      },
      {
        "id": "",
        "name": "be074196291ccf74b3c4c8bd292f92da99ec37a25dc8af651bd0ba3f0d020349"
      },
      {
        "id": "",
        "name": "b6f321a48812dc922b26953020c9a60949ec429a921033cfaf1e9f7d088ee628"
      },
      {
        "id": "",
        "name": "b1fcb0339b9ef4860bb1ed1e5ba0e148321be64696af64f3b1643d1311028cb3"
      },
      {
        "id": "",
        "name": "931308cfe733376e19d6cd2401e27f8b2945cec0b9c696aebe7029ea76d45bf6"
      },
      {
        "id": "",
        "name": "835f1141ece59c36b18e76927572d229136aeb12eff44cb4ba98d7808257c299"
      },
      {
        "id": "",
        "name": "6010e2147a0f51a7bfa2f942a5a9eaad9a294f463f717963b486ed3f53d305c2"
      },
      {
        "id": "",
        "name": "5ae3838d77c2102766538f783d0a4b4205e7d2cdba4e0ad2ab332dc8ab32fea9"
      },
      {
        "id": "",
        "name": "52019f47f96ca868fa4e747c3b99cba1b7aa57317bf8ebf9fcbf09aa576fe006"
      },
      {
        "id": "",
        "name": "4f450abaa4daf72d974a830b16f91deed77ba62412804dca41a6d42a7d8b6fd0"
      },
      {
        "id": "",
        "name": "48a3398bbbf24ecd64c27cb2a31e69a6b60e9a69f33fe191bcf5fddbabd9e184"
      },
      {
        "id": "",
        "name": "2bdf023c439010ce0a786ec75d943a80a8f01363712bbf69afc29d3e2b5306ed"
      },
      {
        "id": "",
        "name": "c44506fe6e1ede5a104008755abf5b6ace51f1a84ad656a2dccc7f2c39c0eca2"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:e08fa00836267873",
        "name": "HijackLoader",
        "slug": "hijackloader"
      },
      {
        "id": "legacy:malware:196436899fefaba3",
        "name": "Remcos",
        "slug": "remcos"
      }
    ],
    "attack_patterns": [
      {
        "id": "1d0d9e67-eb8a-439c-a2c7-cab311bb25c4",
        "name": "T1195.002"
      },
      {
        "id": "b3ad0214-589b-48ea-b042-93d73e1e0e4b",
        "name": "T1086"
      },
      {
        "id": "99a1fb98-1a01-485b-b90a-a9f362f41a84",
        "name": "T1091"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2",
        "name": "T1059.007"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      }
    ]
  },
  "external_refs": [
    "https://www.crowdstrike.com/blog/likely-ecrime-actor-capitalizing-on-falcon-sensor-issues/",
    "https://otx.alienvault.com/pulse/66a7880cfecf37b2bd484567"
  ]
}