Malware Distributed Using Falcon Sensor Update Phishing Lure | CrowdStrike
Common Information
Type Value
UUID 7a7efe38-5e8f-40f1-9f46-e95319c52290
Fingerprint a498095e673f8e00
Analysis status DONE
Considered CTI value 2
Text language
Published July 24, 2024, 2:14 p.m.
Added to db Aug. 31, 2024, 9:23 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure
Title Malware Distributed Using Falcon Sensor Update Phishing Lure | CrowdStrike
Detected Hints/Tags/Attributes 57/3/29
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 287 Cybersecurity Blog | CrowdStrike https://www.crowdstrike.com/blog/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3
crowdstrike-office365.com
Details Domain 1
iiaiyitre.pa
Details Domain 1
go.microsoft.crowdstrike-office365.com
Details Domain 113
www.usenix.org
Details File 1
widowssystem-update.msi
Details File 1
plenrco.exe
Details File 1
symposiumtaiwan.exe
Details File 6
c:\aaa_touchmenot_.txt
Details File 41
avastui.exe
Details File 42
bdagent.exe
Details File 76
download.html
Details MITRE ATT&CK Techniques 409
T1566
Details MITRE ATT&CK Techniques 333
T1059.003
Details MITRE ATT&CK Techniques 420
T1204
Details MITRE ATT&CK Techniques 160
T1027.002
Details MITRE ATT&CK Techniques 422
T1041
Details Url 1
https://crowdstrike-office365.com/go.microsoft.crowdstrike-office365.com/download.html
Details Url 1
https://www.usenix.org/system/files/conference/woot16/woot16-paper-blackthorne_update.pdf