This phishing kit has been observed to target various postal services & government-related websites such as tolls, as well as mobile phone companies like Vodafone.
Based upon these observations through scanning URLScan
filtered results, this kit appears to be operated by a
Chinese-speaking phishing gang codenamed PostalFurious
(coined by GROUP-IB).
title: PostalFurious Phishing Kit f25f698b
description: |
This phishing kit has been observed to target
various postal services & government-related
websites such as tolls, as well as mobile phone
companies like Vodafone.
Based upon these observations through scanning URLScan
filtered results, this kit appears to be operated by a
Chinese-speaking phishing gang codenamed `PostalFurious`
(coined by GROUP-IB).
references:
- https://www.group-ib.com/blog/phishing-investigation-guide/
- https://www.group-ib.com/media-center/press-releases/postalfurious/
- https://urlscan.io/result/11a75319-3f37-4993-9d3d-fc268dd01d20
- https://urlscan.io/result/c4f93aaf-833b-4ca9-86c9-7be303bd386c
- https://urlscan.io/result/859b1cd4-470e-440d-b7d9-7dcae81e80b2
detection:
kitPaths:
requests|contains|all:
- '/api/save-data'
- '/api/get-app-settings'
- '/api/get-next-domain'
- '/api/can-active'
- '/api/get-settings'
- '/api/logger'
condition: kitPaths
tags:
- threat_actor.postalfurious
- threat_actor_country.china
- target_country.global
- kit