{"id":8248,"date":"2024-07-23T13:37:41","date_gmt":"2024-07-23T13:37:41","guid":{"rendered":"\/cybersecurity-blog\/?p=8248"},"modified":"2024-07-24T14:04:58","modified_gmt":"2024-07-24T14:04:58","slug":"crowdstrike-outage-abuse","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/crowdstrike-outage-abuse\/","title":{"rendered":"Find Threats Exploiting CrowdStrike Outage <br> with TI Lookup \u00a0"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">A recent update by CrowdStrike on July 18, 2024, resulted in a worldwide outage, causing significant disruption for users who were left with blue screens of death (BSODs) on their devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cybercriminals seized the opportunity to target affected users with phishing scams and malware.\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> team has been closely monitoring the situation after the outage and has identified two primary sources of threats \u2014 domains and malware disguised as updates or bug fixes.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fake CrowdStrike Domains&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One of the earliest consequences of the outage was the creation of websites with domain names that mimicked CrowdStrike&#8217;s official domain. 
Although some of them were created with no malicious intent, others were used as part of phishing attempts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These websites included newly registered ones and those that were still under construction.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Some examples:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Crowdstriketoken[.]com: <a href=\"https:\/\/app.any.run\/tasks\/f58a7af0-e5ad-4d1c-8c18-f2093cddc28c\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/app.any.run\/tasks\/f58a7af0-e5ad-4d1c-8c18-f2093cddc28c\/<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Crowdstrikebluescreen[.]com: <a href=\"https:\/\/app.any.run\/tasks\/789aa98b-fe9d-4758-a023-72a0b67530f8\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/app.any.run\/tasks\/789aa98b-fe9d-4758-a023-72a0b67530f8\/<\/a> &nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>crowdstrikedown[.]site: <a href=\"https:\/\/app.any.run\/tasks\/577a9a3c-148d-419f-9eb2-89adbbabeef4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/app.any.run\/tasks\/577a9a3c-148d-419f-9eb2-89adbbabeef4\/<\/a> &nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"561\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/CrowdStrike-Outage-Exploited-by-Attackers-1024x561.png\" alt=\"\" class=\"wp-image-8250\" 
srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/CrowdStrike-Outage-Exploited-by-Attackers-1024x561.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/CrowdStrike-Outage-Exploited-by-Attackers-300x164.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/CrowdStrike-Outage-Exploited-by-Attackers-768x420.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/CrowdStrike-Outage-Exploited-by-Attackers-370x203.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/CrowdStrike-Outage-Exploited-by-Attackers-270x148.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/CrowdStrike-Outage-Exploited-by-Attackers-740x405.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/CrowdStrike-Outage-Exploited-by-Attackers.png 1520w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Fake domains identified within three days following the outage<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Looking at the data, the first day after the outage saw the highest volume of newly generated fake domains. 
Threat actors were quick to respond, potentially tricking numerous users into visiting fake websites while they were trying to fix the problem on their own.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here is a list of domains collected by ANY.RUN so far:&nbsp;<\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-114\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"5\"\n           data-rows=\"14\"\n           data-wpID=\"114\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:22.596153846154%;                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike-bsod[.]co                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:16.907051282051%;                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike-bsod[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C1\"\n                    data-col-index=\"2\"\n                    data-row-index=\"0\"\n                    style=\" width:15.144230769231%;                 
   padding:10px;\n                    \"\n                    >\n                                        crowdstrike-fix[.]zip                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D1\"\n                    data-col-index=\"3\"\n                    data-row-index=\"0\"\n                    style=\" width:17.948717948718%;                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike-helpdesk[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E1\"\n                    data-col-index=\"4\"\n                    data-row-index=\"0\"\n                    style=\" width:27.403846153846%;                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike-out[.]com                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike[.]blue                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        
crowdstrike[.]bot                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C2\"\n                    data-col-index=\"2\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike[.]cam                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D2\"\n                    data-col-index=\"3\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike[.]ee                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E2\"\n                    data-col-index=\"4\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike[.]es                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike[.]fail                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            
data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrike0day[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C3\"\n                    data-col-index=\"2\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikebluescreen[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D3\"\n                    data-col-index=\"3\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikebsod[.]co                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E3\"\n                    data-col-index=\"4\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikebsod[.]com                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    
padding:10px;\n                    \"\n                    >\n                                        crowdstrikebug[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeclaim[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C4\"\n                    data-col-index=\"2\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeclaims[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D4\"\n                    data-col-index=\"3\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeclassaction[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E4\"\n                    data-col-index=\"4\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikecure[.]com                    <\/td>\n                                        <\/tr>\n                            <tr 
class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikedoomsday[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikedown[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C5\"\n                    data-col-index=\"2\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikedown[.]site                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D5\"\n                    data-col-index=\"3\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikefail[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E5\"\n                    data-col-index=\"4\"\n                    data-row-index=\"4\"\n  
                  style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikefix[.]co                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikefix[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikefix[.]in                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C6\"\n                    data-col-index=\"2\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikefix[.]zip                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D6\"\n                    data-col-index=\"3\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        
crowdstrikeglitch[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E6\"\n                    data-col-index=\"4\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikehelp[.]com                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A7\"\n                    data-col-index=\"0\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikelawsuit[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B7\"\n                    data-col-index=\"1\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikemedaddy[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C7\"\n                    data-col-index=\"2\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeold[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                    
                        data-cell-id=\"D7\"\n                    data-col-index=\"3\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeoops[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E7\"\n                    data-col-index=\"4\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeoopsie[.]com                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A8\"\n                    data-col-index=\"0\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeoopsies[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B8\"\n                    data-col-index=\"1\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeout[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C8\"\n                    data-col-index=\"2\"\n                    data-row-index=\"7\"\n                    style=\"   
                 padding:10px;\n                    \"\n                    >\n                                        crowdstrikeoutage[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D8\"\n                    data-col-index=\"3\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeoutage[.]info                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E8\"\n                    data-col-index=\"4\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikepatch[.]com                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A9\"\n                    data-col-index=\"0\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeplatform[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B9\"\n                    data-col-index=\"1\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeplatform[.]info         
           <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C9\"\n                    data-col-index=\"2\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikerecovery[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D9\"\n                    data-col-index=\"3\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikereport[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E9\"\n                    data-col-index=\"4\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikesettlement[.]com                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A10\"\n                    data-col-index=\"0\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikesuporte[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                         
   data-cell-id=\"B10\"\n                    data-col-index=\"1\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikesupport[.]info                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C10\"\n                    data-col-index=\"2\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstriketoken[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D10\"\n                    data-col-index=\"3\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeupdate[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E10\"\n                    data-col-index=\"4\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        crowdstrikeyou[.]xyz                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A11\"\n                    data-col-index=\"0\"\n                    data-row-index=\"10\"\n                    style=\"                
    padding:10px;\n                    \"\n                    >\n                                        crowdstrikezeroday[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B11\"\n                    data-col-index=\"1\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        fix-crowdstrike-apocalypse[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C11\"\n                    data-col-index=\"2\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        fix-crowdstrike-bsod[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D11\"\n                    data-col-index=\"3\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        fix-crowdstrike[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E11\"\n                    data-col-index=\"4\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        fixcrowdstrike[.]com                    <\/td>\n                                        <\/tr>\n                           
 <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A12\"\n                    data-col-index=\"0\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        fixmycrowdstrike[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B12\"\n                    data-col-index=\"1\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        fuckcrowdstrike[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C12\"\n                    data-col-index=\"2\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        howtofixcrowdstrikeissue[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D12\"\n                    data-col-index=\"3\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        iscrowdstrikedown[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E12\"\n                    data-col-index=\"4\"\n                    
data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        iscrowdstrikefixed[.]com                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A13\"\n                    data-col-index=\"0\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        iscrowdstrikestilldown[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B13\"\n                    data-col-index=\"1\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        isitcrowdstrike[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"C13\"\n                    data-col-index=\"2\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        microsoftcrowdstrike[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"D13\"\n                    data-col-index=\"3\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n        
                                microsoftoutagescrowdstrike[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"E13\"\n                    data-col-index=\"4\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        secure-crowdstrike[.]com                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"A14\"\n                    data-col-index=\"0\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        suportecrowdstrike[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011\"\n                                            data-cell-id=\"B14\"\n                    data-col-index=\"1\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        whatiscrowdstrike[.]com                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011 wpdt-empty-cell \"\n                                            data-cell-id=\"C14\"\n                    data-col-index=\"2\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                                <td 
class=\"wpdt-cell wpdt-fs-000011 wpdt-empty-cell \"\n                                            data-cell-id=\"D14\"\n                    data-col-index=\"3\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                                <td class=\"wpdt-cell wpdt-fs-000011 wpdt-empty-cell \"\n                                            data-cell-id=\"E14\"\n                    data-col-index=\"4\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                                            <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-114'>\ntable#wpdtSimpleTable-114{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-114 td, table.wpdtSimpleTable114 th { white-space: normal !important; }\n.wpdt-fs-000011 { font-size: 11px !important;}\n<\/style>\n\n\n\n\n<p class=\"wp-block-paragraph\">To stay informed about the latest suspicious domains, use <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>. 
Our service lets you search our continuously updated threat database using 40 parameters, including domain names.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"622\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-4-1024x622.png\" alt=\"\" class=\"wp-image-8251\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-4-1024x622.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-4-300x182.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-4-768x466.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-4-370x225.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-4-270x164.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-4-740x449.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-4.png 1336w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>An example of a query for finding malicious domains mimicking CrowdStrike\u2019s<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Use queries like the ones below to look for more examples of websites impersonating CrowdStrike:<\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-115\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"1\"\n           data-rows=\"1\"\n           data-wpID=\"115\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell 
wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:100%;                    padding:10px;\n                    \"\n                    >\n                                        <a class=\"wpdt-link-content\" style=\"color: #009cff; text-decoration: underline\" href=\"https:\/\/intelligence.any.run\/analysis\/lookup#%7B%2522query%2522:%2522domainName:%255C%2522crowdstrike%255C%2522%2520AND%2520threatLevel:%255C%2522malicious%255C%2522%2520%2522,%2522dateRange%2522:180%7D\"  rel=\"\" target=\"_blank\" data-cell-id=\"00\" data-link-url=\"https:\/\/intelligence.any.run\/analysis\/lookup#%7B%2522query%2522:%2522domainName:%255C%2522crowdstrike%255C%2522%2520AND%2520threatLevel:%255C%2522malicious%255C%2522%2520%2522,%2522dateRange%2522:180%7D\" data-link-text=\"domainName:&quot;crowdstrike&quot; AND threatLevel:&quot;malicious&quot;\" data-link-target=\"true\" data-link-nofollow=\"0\" data-link-noreferrer=\"0\" data-link-sponsored=\"0\" data-link-btn-status=\"0\" data-link-btn-class=\"\" data-link-content=\"wpdt-link-content\">domainName:&quot;crowdstrike&quot; AND threatLevel:&quot;malicious&quot;<\/a>\n<br>\n<br>\n<a class=\"wpdt-link-content\" style=\"color: #009cff; text-decoration: underline\" href=\"https:\/\/intelligence.any.run\/analysis\/lookup#%7B%2522query%2522:%2522domainName:%255C%2522falcon%255C%2522%2520AND%2520threatLevel:%255C%2522malicious%255C%2522%2520%2522,%2522dateRange%2522:180%7D\" rel=\"\" target=\"_blank\" data-cell-id=\"00\" data-link-url=\"https:\/\/intelligence.any.run\/analysis\/lookup#%7B%2522query%2522:%2522domainName:%255C%2522falcon%255C%2522%2520AND%2520threatLevel:%255C%2522malicious%255C%2522%2520%2522,%2522dateRange%2522:180%7D\" data-link-text=\"domainName:&quot;falcon&quot; AND threatLevel:&quot;malicious&quot;\" data-link-target=\"true\" data-link-nofollow=\"0\"
data-link-noreferrer=\"0\" data-link-sponsored=\"0\" data-link-btn-status=\"0\" data-link-btn-class=\"\" data-link-content=\"wpdt-link-content\">domainName:&quot;falcon&quot; AND threatLevel:&quot;malicious&quot;<\/a>                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-115'>\ntable#wpdtSimpleTable-115{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-115 td, table.wpdtSimpleTable115 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p
class=\"wp-block-paragraph\">Our analysts have created a Suricata rule to identify domains that may host phishing pages or malicious software.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"925\" height=\"473\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-3.png\" alt=\"\" class=\"wp-image-8252\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-3.png 925w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-3-300x153.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-3-768x393.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-3-370x189.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-3-270x138.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-3-585x300.png 585w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-3-740x378.png 740w\" sizes=\"auto, (max-width: 925px) 100vw, 925px\" \/><figcaption class=\"wp-element-caption\"><em>Suricata rule used for detecting fake domains<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Such domains are now tagged with &#8220;fakedomain&#8221; to warn users of potential dangers.
Use this tag in <em>Public Submissions <\/em>to locate additional samples:<\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-116\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"1\"\n           data-rows=\"1\"\n           data-wpID=\"116\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:100%;                    padding:10px;\n                    \"\n                    >\n                                        <a class=\"wpdt-link-content\" style=\"color: #009cff; text-decoration: underline\" href=\"https:\/\/app.any.run\/submissions\/#tag:fakedomain\"  rel=\"\" target=\"_blank\" data-cell-id=\"00\" data-link-url=\"https:\/\/app.any.run\/submissions\/#tag:fakedomain\" data-link-text=\"https:\/\/app.any.run\/submissions\/#tag:fakedomain\" data-link-target=\"true\" data-link-nofollow=\"0\" data-link-noreferrer=\"0\" data-link-sponsored=\"0\" data-link-btn-status=\"0\" data-link-btn-class=\"\" data-link-content=\"wpdt-link-content\">https:\/\/app.any.run\/submissions\/#tag:fakedomain<\/a>                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-116'>\ntable#wpdtSimpleTable-116{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-116 td, table.wpdtSimpleTable116 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<h2 class=\"wp-block-heading\">Malicious Archive with Remcos &nbsp;<\/h2>\n\n\n\n<p 
class=\"wp-block-paragraph\">Since the incident, there has been a rise in campaigns spreading malware disguised as updates or bug fixes.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One of the <a href=\"https:\/\/app.any.run\/tasks\/5f515fa2-bd4a-49fd-88e2-d35b0c8376d9\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">first instances<\/a> of malware observed by ANY.RUN, disguised as a CrowdStrike hotfix, was an archive containing Hijackloader.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"757\" height=\"482\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1.png\" alt=\"\" class=\"wp-image-8253\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1.png 757w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1-300x191.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1-370x236.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1-270x172.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1-740x471.png 740w\" sizes=\"auto, (max-width: 757px) 100vw, 757px\" \/><figcaption class=\"wp-element-caption\"><em>The malicious archive<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">The malicious file, named &#8220;crowdstrike-hotfix&#8221;, was distributed from hxxps:\/\/portalintranetgrupobbva[.]com. After execution, it delivered Remcos to the infected system.
&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"493\" height=\"321\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-1.png\" alt=\"\" class=\"wp-image-8254\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-1.png 493w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-1-300x195.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-1-370x241.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-1-270x176.png 270w\" sizes=\"auto, (max-width: 493px) 100vw, 493px\" \/><figcaption class=\"wp-element-caption\"><em>Process tree in ANY.RUN showing the infection chain<\/em>&nbsp;<\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">To identify more suspicious files disguised as CrowdStrike updates, use TI Lookup with queries like:&nbsp;<\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-117\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"1\"\n           data-rows=\"1\"\n           data-wpID=\"117\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:100%;                    padding:10px;\n                    \"\n                    >\n                                        <a class=\"wpdt-link-content\" style=\"color: #009cff; text-decoration: underline\" 
href=\"https:\/\/intelligence.any.run\/analysis\/lookup#{%22query%22:%22fileName:%5C%22crowdstrike%5C%22%C2%A0AND%C2%A0threatLevel:%5C%22malicious%5C%22%22,%22dateRange%22:180}\"  rel=\"\" target=\"_blank\" data-cell-id=\"00\" data-link-url=\"https:\/\/intelligence.any.run\/analysis\/lookup#{%22query%22:%22fileName:%5C%22crowdstrike%5C%22%C2%A0AND%C2%A0threatLevel:%5C%22malicious%5C%22%22,%22dateRange%22:180}\" data-link-text=\"fileName:&quot;crowdstrike&quot; AND threatLevel:&quot;malicious&quot;\" data-link-target=\"true\" data-link-nofollow=\"0\" data-link-noreferrer=\"0\" data-link-sponsored=\"0\" data-link-btn-status=\"0\" data-link-btn-class=\"\" data-link-content=\"wpdt-link-content\">fileName:&quot;crowdstrike&quot; AND threatLevel:&quot;malicious&quot;<\/a>                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-117'>\ntable#wpdtSimpleTable-117{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-117 td, table.wpdtSimpleTable117 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<h3 class=\"wp-block-heading\">IOCs:<\/h3>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-119\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"16\"\n           data-wpID=\"119\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                   
 >\n                                        crowdstrike-hotfix.zip\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        c44506fe6e1ede5a104008755abf5b6ace51f1a84ad656a2dccc7f2c39c0eca2\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Setup.exe\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        5ae3838d77c2102766538f783d0a4b4205e7d2cdba4e0ad2ab332dc8ab32fea9\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n 
                   \"\n                    >\n                                        maddisAsm_.bpl\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        52019f47f96ca868fa4e747c3b99cba1b7aa57317bf8ebf9fcbf09aa576fe006\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        battuta.flv\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        be074196291ccf74b3c4c8bd292f92da99ec37a25dc8af651bd0ba3f0d020349\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"           
         padding:10px;\n                    \"\n                    >\n                                        sqlite3.dll\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        02f37a8e3d1790ac90c04bc50de73cd1a93e27caf833a1e1211b9cc6294ecee5\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        vclx120.bpl\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2bdf023c439010ce0a786ec75d943a80a8f01363712bbf69afc29d3e2b5306ed\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A7\"\n                    data-col-index=\"0\"\n                    data-row-index=\"6\"\n                 
   style=\"                    padding:10px;\n                    \"\n                    >\n                                        rtl120.bpl\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B7\"\n                    data-col-index=\"1\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        b1fcb0339b9ef4860bb1ed1e5ba0e148321be64696af64f3b1643d1311028cb3\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A8\"\n                    data-col-index=\"0\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        maidenhair.cfg\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B8\"\n                    data-col-index=\"1\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        931308cfe733376e19d6cd2401e27f8b2945cec0b9c696aebe7029ea76d45bf6\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A9\"\n                    data-col-index=\"0\"\n                    
data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        datastate.dll\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B9\"\n                    data-col-index=\"1\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        6010e2147a0f51a7bfa2f942a5a9eaad9a294f463f717963b486ed3f53d305c2\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A10\"\n                    data-col-index=\"0\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        madexcept_.bpl\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B10\"\n                    data-col-index=\"1\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        835f1141ece59c36b18e76927572d229136aeb12eff44cb4ba98d7808257c299\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A11\"\n                    
data-col-index=\"0\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        vcl120.bpl\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B11\"\n                    data-col-index=\"1\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        b6f321a48812dc922b26953020c9a60949ec429a921033cfaf1e9f7d088ee628\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A12\"\n                    data-col-index=\"0\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        madbasic_.bpl\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B12\"\n                    data-col-index=\"1\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        d6d5ff8e9dc6d2b195a6715280c2f1ba471048a7ce68d256040672b801fda0ea\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            
data-cell-id=\"A13\"\n                    data-col-index=\"0\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        instrucciones.txt\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B13\"\n                    data-col-index=\"1\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        4f450abaa4daf72d974a830b16f91deed77ba62412804dca41a6d42a7d8b6fd0\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A14\"\n                    data-col-index=\"0\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Domain: \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B14\"\n                    data-col-index=\"1\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        hxxps:\/\/portalintranetgrupobbva[.]com\/\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                  
          data-cell-id=\"A15\"\n                    data-col-index=\"0\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        C2\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B15\"\n                    data-col-index=\"1\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        213.5.130.58:443\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A16\"\n                    data-col-index=\"0\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        URLs:\u00a0 \u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B16\"\n                    data-col-index=\"1\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        mail.zoomfilms-cz[.]com\u00a0\u00a0 discussiowardder[.]website\u00a0\u00a0 wxt82[.]xyz\u00a0 \u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-119'>\ntable#wpdtSimpleTable-119{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-119 
td, table.wpdtSimpleTable119 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<h2 class=\"wp-block-heading\">Phishing Email with a Data Wiper&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One of the most <a href=\"https:\/\/app.any.run\/tasks\/48e18e33-2007-49a8-aa60-d04c21e8fa11\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">sophisticated attacks<\/a> involved the distribution of a data wiper.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"617\" height=\"544\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-1.png\" alt=\"\" class=\"wp-image-8255\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-1.png 617w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-1-300x265.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-1-370x326.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-1-270x238.png 270w\" sizes=\"auto, (max-width: 617px) 100vw, 617px\" \/><figcaption class=\"wp-element-caption\"><em>Phishing PDF<\/em>&nbsp;<\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">It began with a CrowdStrike-themed phishing email and PDF attachment, which, in turn, included a link for downloading a ZIP file.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"408\" height=\"620\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image.jpg\" alt=\"\" class=\"wp-image-8256\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image.jpg 408w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-197x300.jpg 197w,
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-370x562.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-270x410.jpg 270w\" sizes=\"auto, (max-width: 408px) 100vw, 408px\" \/><figcaption class=\"wp-element-caption\"><em>Certificate verdict in ANY.RUN<\/em>&nbsp;<\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">The archive contained an executable that, once launched, asked the user if they wanted to install the update.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"714\" height=\"544\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2.jpg\" alt=\"\" class=\"wp-image-8257\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2.jpg 714w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-300x229.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-370x282.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-270x206.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-80x60.jpg 80w\" sizes=\"auto, (max-width: 714px) 100vw, 714px\" \/><figcaption class=\"wp-element-caption\"><em>Destroyed file<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Upon launching, the wiper devastated the system by overwriting files with zero bytes and then reported it over Telegram.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/app.any.run\/tasks\/14fc6a8a-6fd7-431f-aba5-d3177b47690f\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">See analysis session in ANY.RUN<\/a>&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IOCs<\/h3>\n\n\n\n<div class=\"wpdt-c row 
wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-120\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"4\"\n           data-wpID=\"120\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        update2.pdf\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        1bbb795ce19f4dcc4ac9f8e8c12f3452f1f07c68a53ef631c76e392e1d06ea43\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        update.zip\u00a0                    <\/td>\n                                                <td 
class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        96dec6e07229201a02f538310815c695cf6147c548ff1c6a0def2fe38f3dcbc8\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        CrowdStrike.exe\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        4491901eff338ab52c85a77a3fbd3ce80fda738046ee3b7da7be468da5b331a3\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        URL\u00a0                    <\/td>\n                                  
              <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        hxxps:\/\/link.storjshare[.]io\/s\/jwyite7mez2ilyvm2esxw2jq3apq\/crowdstrikeisrael\/update.zip?download=1\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-120'>\ntable#wpdtSimpleTable-120{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-120 td, table.wpdtSimpleTable120 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<h2 class=\"wp-block-heading\">Malicious Document with a Stealer&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers also used other ways to trick unsuspecting victims into running malware. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The picture below shows a <a href=\"https:\/\/app.any.run\/tasks\/2d27f10a-bb78-4b0a-b0d7-6a9c95e509f4\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">harmful document<\/a> that claims to provide instructions on how to resolve the issue. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Yet, when opened, it uses a malicious VBS (Visual Basic Script) to start a series of tools on the infected computer.
&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"884\" height=\"680\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6.png\" alt=\"\" class=\"wp-image-8258\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6.png 884w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-300x231.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-768x591.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-370x285.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-270x208.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-740x569.png 740w\" sizes=\"auto, (max-width: 884px) 100vw, 884px\" \/><figcaption class=\"wp-element-caption\"><em>The malicious .docm file that kickstarts the malware<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">After execution, it downloads and launches&nbsp;a <a href=\"https:\/\/app.any.run\/tasks\/1a9e6ba2-88bf-4b13-8b69-78cfbd82518d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">stealer malware<\/a> using curl.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IOCs<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Malicious document<\/strong><\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-121\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"3\"\n           data-wpID=\"121\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n      
              <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Name\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Hash sum\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61\u00a0                    <\/td>\n      
                                  <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        URL\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        hxxp[:\/\/]172.104.160[.]126:8099\/payload2[.]txt\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-121'>\ntable#wpdtSimpleTable-121{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-121 td, table.wpdtSimpleTable121 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Stealer<\/strong><\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-122\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"2\"\n           data-wpID=\"122\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A1\"\n    
                data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Hash sum\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        4ad9845e691dd415420e0c253ba452772495c0b971f48294b54631e79a22644a\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        URL\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        172.104.160.126:5000\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-122'>\ntable#wpdtSimpleTable-122{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-122 td, table.wpdtSimpleTable122 th { white-space: 
normal !important; }\n<\/style>\n\n\n\n\n<h2 class=\"wp-block-heading\">Recommendations&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Users and organizations are advised to remain vigilant and thoroughly verify any updates or hotfixes before installation.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For any information concerning the course of action for affected users, it is important to follow CrowdStrike\u2019s official statements and guidance.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=threats_crowdstrike&amp;utm_term=230724&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. 
Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">Yara Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recent update by CrowdStrike on July 18, 2024, resulted in a worldwide outage, causing significant disruption for users who were left with blue screens of death (BSODs) on their devices. Cybercriminals seized the opportunity to target affected users with phishing scams and malware.\u00a0 The ANY.RUN team has been closely monitoring the situation after the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":8259,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[8],"tags":[57,10,34],"class_list":["post-8248","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-analysis","tag-anyrun","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Find Threats Exploiting CrowdStrike Outage  with TI Lookup \u00a0 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See how attackers exploited the global outage caused by CrowdStrike&#039;s faulty update and collect up-to-date threat intelligence.\" \/>\n<meta 
name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/crowdstrike-outage-abuse\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"headline\":\"Find Threats Exploiting CrowdStrike Outage with TI Lookup \u00a0\",\"datePublished\":\"2024-07-23T13:37:41+00:00\",\"dateModified\":\"2024-07-24T14:04:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/\"},\"wordCount\":775,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/crowdstrike_blog.jpg\",\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\"],\"articleSection\":[\"Malware 
Analysis\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/\",\"name\":\"Find Threats Exploiting CrowdStrike Outage with TI Lookup \u00a0 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/crowdstrike_blog.jpg\",\"datePublished\":\"2024-07-23T13:37:41+00:00\",\"dateModified\":\"2024-07-24T14:04:58+00:00\",\"description\":\"See how attackers exploited the global outage caused by CrowdStrike's faulty update and collect up-to-date threat intelligence.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/#primaryimage\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/crowdstrike_blog.jpg\",\"contentUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/crowdstrike_blog.jpg\",\"width\":1400,\"height\":681,\"caption\":\"crowdstrike 
outage\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/crowdstrike-outage-abuse\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware Analysis\",\"item\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/category\\\/malware-analysis\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Find Threats Exploiting CrowdStrike Outage with TI Lookup \u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/any.run\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\\\/\\\/any.run\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/any.run\\\/\",\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\\\/\\\/any.run\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/www.any.run\\\/\",\"https:\\\/\\\/x.com\\\/anyrun_app\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/30692044\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"
@id\":\"https:\\\/\\\/any.run\\\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a921d1fbcf45a0476667c89b7999bc2bb3c028b518acc569da69c8797e53a84?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\\\/\\\/any.run\\\/cybersecurity-blog\\\/author\\\/a-bespalova\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"hre
f":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=8248"}],"version-history":[{"count":11,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8248\/revisions"}],"predecessor-version":[{"id":8424,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8248\/revisions\/8424"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/8259"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=8248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=8248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=8248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}