Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams

    Date: 12/13/2024

    Severity: High 

    Summary

    Threat actors often capitalize on trending events, such as global sporting championships, to execute attacks like phishing and scams. As a result, proactive monitoring of event-related domain abuse is vital for cybersecurity teams. Our investigations into network abuse frequently identify suspicious domain registration campaigns, especially those incorporating event-specific keywords or phrases. These campaigns typically spike around major events.
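
    The keyword and spike pattern described in the summary can be checked against a feed of newly registered domains. The following is an added example, not part of the original advisory or of any vendor's tooling; the keyword list, allowlist, spike threshold and the `.example` feed entries are constructed assumptions.

```python
"""Added example: keyword and spike check over a newly-registered-domain feed."""
from collections import Counter
from statistics import median

# Assumptions for illustration: keyword list, allowlist and threshold are
# chosen here, not taken from the advisory.
EVENT_KEYWORDS = ("olympic", "paris2024")
ALLOWLIST = {"olympics.com"}          # official site, assumed legitimate
SPIKE_FACTOR = 3                      # day count >= 3x median counts as a spike

# Constructed feed of (registration date, domain); .example names are not real.
FEED = [
    ("2024-07-01", "garden-tools.example"),
    ("2024-07-01", "paris-olympic-seats.example"),
    ("2024-07-02", "Olympics.com."),
    ("2024-07-02", "olympic-live-stream.example"),
    ("2024-07-03", "weather-report.example"),
    ("2024-07-03", "cheap-olympictickets.example"),
    ("2024-07-04", "paris2024-shop.example"),
    ("2024-07-04", "olympic-medal-bets.example"),
    ("2024-07-04", "watch-olympics-free.example"),
    ("2024-07-04", "login.olympic-accreditation.example"),
]

def registered_domain(host):
    """Naive last-two-labels reduction; production code should use the Public Suffix List."""
    labels = host.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_event_lookalike(host):
    domain = registered_domain(host)
    if domain in ALLOWLIST:
        return False
    squashed = domain.replace("-", "")   # so hyphen-split keywords still match
    return any(k in squashed for k in EVENT_KEYWORDS)

def flagged(feed):
    return [(day, registered_domain(h)) for day, h in feed if is_event_lookalike(h)]

def spike_days(feed):
    per_day = Counter(day for day, _ in flagged(feed))
    baseline = median(per_day.values())
    return sorted(d for d, n in per_day.items() if n >= SPIKE_FACTOR * baseline)

if __name__ == "__main__":
    for day, domain in flagged(FEED):
        print(day, domain)
    print("spike days:", spike_days(FEED))
```

    The allowlist check runs before keyword matching so that the legitimate event domain is never flagged, and subdomains are reduced to their registered domain so one registration is counted once.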

    Indicators of Compromise (IOC) List

    Domains/URLs:


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains/URLs:

    userdomainname like "2024olympicslive.com" or url like "2024olympicslive.com" or userdomainname like "olympiarealestate-online.com" or url like "olympiarealestate-online.com" or userdomainname like "2024parisolympicathletes.com" or url like "2024parisolympicathletes.com" or userdomainname like "olympicparis2024.com" or url like "olympicparis2024.com" or userdomainname like "paris24olympics.com" or url like "paris24olympics.com" or userdomainname like "parisolympic24.com" or url like "parisolympic24.com" or userdomainname like "parisolympicgames2024official.com" or url like "parisolympicgames2024official.com" or userdomainname like "2024olympics-shop.com" or url like "2024olympics-shop.com" or userdomainname like "parisolympicgames2024.com" or url like "parisolympicgames2024.com" or userdomainname like "parisolympicsphotographe.com" or url like "parisolympicsphotographe.com" or userdomainname like "allolympic.com" or url like "allolympic.com" or userdomainname like "parisolympicgamestickets.com" or url like "parisolympicgamestickets.com" or userdomainname like "paris-olympics2024.com" or url like "paris-olympics2024.com" or userdomainname like "parisolympictickets.com" or url like "parisolympictickets.com" or userdomainname like "parisolympicgamesevents.com" or url like "parisolympicgamesevents.com" or userdomainname like "parisolympicgamesofficial.com" or url like "parisolympicgamesofficial.com" or userdomainname like "climbolympic.com" or url like "climbolympic.com"

    Reference:   

    https://unit42.paloaltonetworks.com/suspicious-domain-registration-campaigns/  


    Tags

    Malware, Phishing
