Similarities in Phishing Infrastructure Between Tokyo Olympics & Paris 2024 Olympics

    Date: 08/14/2024

    Severity: Medium

    Summary

There are notable similarities between the phishing infrastructure used around the Tokyo 2020 Olympics and that observed for the upcoming Paris 2024 Olympics. Attackers appear to be reusing comparable methods and techniques to exploit major sporting events for phishing campaigns: similar phishing domains, email templates, and social engineering tactics designed to trick individuals into disclosing personal or financial information. The pattern suggests a coordinated approach to targeting high-profile events and underscores the need for heightened security measures and user awareness to protect against such attacks.

    Indicators of Compromise (IOC) List


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    URL/Domain

    userdomainname like "olympictickets2020.com" or url like "olympictickets2020.com" or userdomainname like "2021olympicupdates.live" or url like "2021olympicupdates.live" or userdomainname like "tokyoolympicsport.com" or url like "tokyoolympicsport.com" or userdomainname like "olympics2021.in" or url like "olympics2021.in" or userdomainname like "2021olympicupdates.com" or url like "2021olympicupdates.com" or userdomainname like "2021olympicupdateslive.com" or url like "2021olympicupdateslive.com" or userdomainname like "olympics2020.in" or url like "olympics2020.in" or userdomainname like "tokyoolympicplay.com" or url like "tokyoolympicplay.com" or userdomainname like "usolympics2021.com" or url like "usolympics2021.com" or userdomainname like "paris-olympics2024.com" or url like "paris-olympics2024.com" or userdomainname like "olympicgames2021.co.za" or url like "olympicgames2021.co.za" or userdomainname like "olympic2021.in" or url like "olympic2021.in" or userdomainname like "usolympics2020.com" or url like "usolympics2020.com" or userdomainname like "paris24olympics.com" or url like "paris24olympics.com"

    URL/Domain

    userdomainname like "2024olympicslive.com" or url like "2024olympicslive.com" or userdomainname like "2024parisolympicathletes.com" or url like "2024parisolympicathletes.com" or userdomainname like "olympicparis2024.com" or url like "olympicparis2024.com" or userdomainname like "parisolympic24.com" or url like "parisolympic24.com" or userdomainname like "parisolympicgames2024.com" or url like "parisolympicgames2024.com" or userdomainname like "parisolympicgames2024official.com" or url like "parisolympicgames2024official.com" or userdomainname like "parisolympicgamesevents.com" or url like "parisolympicgamesevents.com" or userdomainname like "parisolympicgamesofficial.com" or url like "parisolympicgamesofficial.com" or userdomainname like "parisolympicgamestickets.com" or url like "parisolympicgamestickets.com" or userdomainname like "parisolympicsphotographe.com" or url like "parisolympicsphotographe.com" or userdomainname like "parisolympictickets.com" or url like "parisolympictickets.com"

    IP Address

    dstipaddress IN ("76.223.54.146","3.33.152.147","3.64.163.50","34.98.99.30","34.102.136.180","184.168.131.241","13.248.213.45","76.223.67.189","15.197.142.173","13.248.169.48") or ipaddress IN ("76.223.54.146","3.33.152.147","3.64.163.50","34.98.99.30","34.102.136.180","184.168.131.241","13.248.213.45","76.223.67.189","15.197.142.173","13.248.169.48") or publicipaddress IN ("76.223.54.146","3.33.152.147","3.64.163.50","34.98.99.30","34.102.136.180","184.168.131.241","13.248.213.45","76.223.67.189","15.197.142.173","13.248.169.48") or srcipaddress IN ("76.223.54.146","3.33.152.147","3.64.163.50","34.98.99.30","34.102.136.180","184.168.131.241","13.248.213.45","76.223.67.189","15.197.142.173","13.248.169.48")
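As an added example (not part of the advisory and not Gurucul's own code), the Python below builds the two query forms shown above from indicator sets and evaluates constructed log records the way those queries would. The field names come from the queries above; the sample records are constructed, and domain matches are made on host boundaries rather than by substring so that an indicator such as olympics2020.in does not also fire on olympics2020.info.

```python
from urllib.parse import urlsplit

# Indicator subset taken from the advisory's queries above (demo watchlist)
DOMAIN_IOCS = {"olympictickets2020.com", "parisolympictickets.com", "olympics2020.in"}
IP_IOCS = {"76.223.54.146", "184.168.131.241"}

# Field names exactly as used in the TDIR queries on this page
DOMAIN_FIELDS = ("userdomainname", "url")
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")


def build_tdir_query(domains, ips):
    """Emit the domain query and the IP query in the advisory's syntax."""
    dom = " or ".join(f'{f} like "{d}"' for d in sorted(domains) for f in DOMAIN_FIELDS)
    ip_list = ",".join(f'"{i}"' for i in sorted(ips))
    ipq = " or ".join(f"{f} IN ({ip_list})" for f in IP_FIELDS)
    return dom, ipq


def host_of(value):
    """Extract a lowercase hostname from either a bare domain or a full URL."""
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat the value as a network location
    return (urlsplit(value).hostname or "").rstrip(".").lower()


def domain_hit(value, domains):
    """True when the host equals an indicator or is a subdomain of one (no substring matching)."""
    h = host_of(value)
    return any(h == d or h.endswith("." + d) for d in domains)


def evaluate(record, domains=DOMAIN_IOCS, ips=IP_IOCS):
    """Return (field, reason) hits for one log record, mirroring the advisory's two queries."""
    hits = []
    for f in DOMAIN_FIELDS:
        if f in record and domain_hit(record[f], domains):
            hits.append((f, "domain"))
    for f in IP_FIELDS:
        if record.get(f) in ips:
            hits.append((f, "ip"))
    return hits


SAMPLE_LOGS = [  # constructed records, not real telemetry
    {"userdomainname": "corp.example", "url": "https://www.olympictickets2020.com/login?x=1"},
    {"userdomainname": "olympics2020.info", "dstipaddress": "10.0.0.5"},
    {"srcipaddress": "192.0.2.9", "dstipaddress": "184.168.131.241"},
]

if __name__ == "__main__":
    for rec in SAMPLE_LOGS:
        print(evaluate(rec))
```

Treat an IP-only hit as weaker evidence than a domain hit: IP indicators often belong to shared hosting or domain-parking infrastructure, so corroborate it with the domain fields before blocking.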

Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-12-Olympic-themed-domains-similar-infrastructure-2020-and-2024.txt

Tags: Phishing, Malware
