Detecting CrowdStrike BSOD phising domains

Detecting CrowdStrike BSOD phising domains

On July 19, 2024, a content update from cybersecurity vendor CrowdStrike triggered a widespread Blue Screen of Death (BSOD) event impacting Windows machines globally. Microsoft estimates that approximately 8.5 million systems were affected. The company has since released a recovery tool to assist impacted customers.

Capitalizing on this disruption, malicious actors have launched phishing campaigns and deployed malware disguised as CrowdStrike hotfixes. Security researchers and threat intelligence providers, including McAfee, have identified numerous suspicious domains registered since the incident.


Analyzing traces of malicious domains using EventLog Analyzer's Incident Workbench.

To mitigate any further disruption, international security regulatory bodies such as CISA and CERT-In have issued advisories urging users to remain vigilant and avoid clicking on links or downloading attachments from untrusted sources.

  Currently, the below malicious domains associated with the CrowdStrike incident have been identified by the threat intel sources.

  • crowdstrikebug.com

  • crowdstrikefail.com

  • crowdstrikeoopsie.com

  • crowdfalcon-immed-update.com

  • supportfalconcrowdstrikel.com

  • crowdstrikeclaim.com

  • crowdstrike0day.com

  • crowdstrikedoomsday.com

  • crowdstrikedown.site

  • crowdstrike-helpdesk.com

  • sinkhole-d845c7b471d9adc14942f95105d5ffcf.crowdstrikeupdate.com

  • crowdstrikeoutage.com

  • isitcrowdstrike.com

  • crowdstrikefix.zip.com

  • crowdstrike-cloudtrail-storage-bb-126d5e.s3.us-west-1.amazonaws.com

  • crowdstrikereport.com

 

How can ManageEngine help you stay secure after the CrowdStrike meltdown 

 

ManageEngine EventLog Analyzer partners up with several reputed threat intelligence platforms and threat intel providers like Webroot and VirusTotal to maintain a centralized threat feed repository. This repository gets auto-updated dynamically, and helps you detect and proactively search for indicators of compromise (IoCs) linked to attacks exploiting the CrowdStrike incident. EventLog Analyzer equips you to stay ahead of these attempts, even if your organization hasn't been directly affected by the CrowdStrike disruption.

 Check out part 2 for the step-by-step instructions.

 

Need assistance? Do not hesitate to reach out to us.

Live Online Support 24/5

 


                New to ADSelfService Plus?