Date: 10/29/2024
Severity: Medium
Summary
The report "Newly-Registered Domains for 2024 US Presidential Election Scams" discusses the increase in domain registrations related to election scams as the 2024 US elections approach. These scams target supporters of both major presidential candidates and include cryptocurrency fraud, donation phishing, and fake shopping websites. The report provides six specific examples of these deceptive sites, highlighting the urgent need for awareness and caution among voters.
Indicators of Compromise (IOC) List
URL/Domains | kamala6900.site kamala-haris.com kalamityharris.shop trump2024eth.vip trump47president.xyz trumpusa.vip |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 | userdomainname like "kamala6900.site" or url like "kamala6900.site" or userdomainname like "kamala-haris.com" or url like "kamala-haris.com" or userdomainname like "kalamityharris.shop" or url like "kalamityharris.shop" or userdomainname like "trump2024eth.vip" or url like "trump2024eth.vip" or userdomainname like "trump47president.xyz" or url like "trump47president.xyz" or userdomainname like "trumpusa.vip" or url like "trumpusa.vip" |
Reference:
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-10-29-IOCs-for-US-election-scams.txt