Date: 04/14/2025
Severity: Critical
Summary
We've observed multiple newly registered domains containing the term "nintendo," emerging shortly after the announcement of the Switch 2 console. These domains are linked to phishing websites and monetized parking pages. The phishing sites mimic Nintendo’s branding, including logos and character imagery, to deceive users.
Indicators of Compromise (IOC) List
Domains \ URLs: nintendo-club.top, nintendo-games.click, nintendo-games.top, htnintendo.com, httnintendo.com, nintendogamersguide.com, nintendogiftcard.com, nintendothailand.com, classicnintendo.com, nintendobro.com
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Domains \ URLs:
domainname like "nintendo-games.click" or url like "nintendo-games.click" or siteurl like "nintendo-games.click"
or domainname like "nintendobro.com" or url like "nintendobro.com" or siteurl like "nintendobro.com"
or domainname like "nintendo-games.top" or url like "nintendo-games.top" or siteurl like "nintendo-games.top"
or domainname like "nintendo-club.top" or url like "nintendo-club.top" or siteurl like "nintendo-club.top"
or domainname like "htnintendo.com" or url like "htnintendo.com" or siteurl like "htnintendo.com"
or domainname like "httnintendo.com" or url like "httnintendo.com" or siteurl like "httnintendo.com"
or domainname like "nintendogiftcard.com" or url like "nintendogiftcard.com" or siteurl like "nintendogiftcard.com"
or domainname like "nintendothailand.com" or url like "nintendothailand.com" or siteurl like "nintendothailand.com"
or domainname like "classicnintendo.com" or url like "classicnintendo.com" or siteurl like "classicnintendo.com"
or domainname like "nintendogamersguide.com" or url like "nintendogamersguide.com" or siteurl like "nintendogamersguide.com"
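The same indicators can be checked outside the TDIR console. The following Python is an added example, not Gurucul's or Unit 42's code: it matches URLs from proxy logs against the listed domains on hostname label boundaries, so subdomains of a listed domain match and the legitimate nintendo.com does not. The log format, the sample lines and the function names are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Domains copied from the IOC list on this page.
IOC_DOMAINS = frozenset("""
nintendo-club.top nintendo-games.click nintendo-games.top htnintendo.com
httnintendo.com nintendogamersguide.com nintendogiftcard.com
nintendothailand.com classicnintendo.com nintendobro.com
""".split())

def extract_host(value):
    """Return the lowercased hostname of a URL or bare host[:port][/path]."""
    value = value.strip().lstrip("/")
    # urlsplit only parses a netloc after '//'; add it when no scheme is given.
    if not value.split("/", 1)[0].endswith(":"):
        value = "//" + value
    try:
        host = urlsplit(value).hostname
    except ValueError:  # malformed bracketed (IPv6-style) host
        return None
    return host.rstrip(".") if host else None

def match_ioc(value):
    """Return the listed domain the host equals or is a subdomain of, else None."""
    labels = (extract_host(value) or "").split(".")
    # Label-aligned suffixes only: "x.com.example.org" never matches "x.com".
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None

# Constructed proxy log lines; assumed format: timestamp, client IP, URL.
SAMPLE_LOG = """\
2025-04-14T09:12:03Z 10.0.0.21 https://www.nintendo.com/us/switch/
2025-04-14T09:12:41Z 10.0.0.34 http://login.nintendogiftcard.com/redeem
2025-04-14T09:13:02Z 10.0.0.34 HTTPS://NintendoBro.com:443/
2025-04-14T09:13:27Z 10.0.0.50 https://nintendogiftcard.com.example.org/
2025-04-14T09:14:10Z 10.0.0.50 nintendo-games.click/promo
"""

def scan(log_text):
    """Return (client, url, listed_domain) for every line that hits the list."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        matched = match_ioc(parts[2]) if len(parts) == 3 else None
        if matched:
            hits.append((parts[1], parts[2], matched))
    return hits
```

Calling scan(SAMPLE_LOG) returns one tuple per matching line, which can be grouped by client IP to see which hosts reached a listed domain.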
Reference:
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-10-phishing-campaign-impersonating-Nintendo.txt