Hi Mark,

Thanks for sharing. Some of the domains are registered through Namecheap, and we suspended the following:

crowdfalcon-immed-update [.] com
crowdstrike-bsod [.] com
fix-crowdstrike-bsod [.] com
crowdstrikefix [.] com
crashstrike [.] com

My team could not confirm any abusive content on the other two domains registered to Namecheap (clownstrike [.] co [.] uk and crowdpass [.] live), and they do not appear on blocklists yet. If anyone encounters these domains being used for malicious purposes, please let me know.

I also shared the list of domains on a registrar security channel for other registrars to review/action.

Regards,
Owen

> On Jul 19, 2024, at 10:54, Mark Alley via mailop <mailop@mailop.org> wrote:
>
> CAUTION: This email originated from outside the organization. Do not click
> links unless you can confirm the sender and know the content is safe.
> Hey Mailop friends, sharing info here from the email security community.
>
> I'm sure many of you are already very acutely aware of the Crowdstrike outage
> going on globally right now. Threat actors have started to register and
> operationalize domains capitalizing on this outage, noted TA domains are
> below for blocking:
>
> - Mark Alley
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop