IOK Rules: target_country.global

This phishing kit has been observed to target various postal services & government-related websites such as tolls, as well as mobile phone companies like Vodafone. Based upon these observations through scanning URLScan filtered results, this kit appears to be operated by a Chinese-speaking phishing gang codenamed `PostalFurious` (coined by GROUP-IB).

Detect phishing sites that contain two distinctive files named ResourceRedConfig.js and urlConfig.json. These files are indicative of a phishing kit developed by a Chinese threat actor named Chenlun.