Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself

May 1, 2024, 11:07 p.m.

Description

Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and domains purporting to be associated with the United States Postal Service (USPS). Akamai researchers compared five months of DNS traffic to the legitimate domain, usps.com, with DNS traffic to illegitimate combosquatted domain names.

External References

https://www.akamai.com/blog/security-research/2024/apr/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
https://otx.alienvault.com/pulse/662ff1ec26bd06238df792e8
Tags
powershell
cobalt strike
icedid
sharefinder
lsass
javascript file
amazon
usps
dns query
dll file

Date

  • Created: April 29, 2024, 7:15 p.m.
  • Published: April 29, 2024, 7:15 p.m.
  • Modified: May 1, 2024, 11:07 p.m.

Indicators

  • usps.solutions
  • 172.86.125.227
  • 155.94.156.254
  • 155.94.151.28
  • 155.94.135.202
  • 107.150.7.53
  • 104.223.16.2
  • usps.parceltracker-us.com
  • us.ps393.com
  • tools.usps-lookup.com
  • uspsposts.com
  • uspspostoffices.top
  • uspspostoffice.top
  • uspspost.me
  • uspsos.com
  • uspshelp.vip
  • uspshelp.store
  • uspsaps.top
  • usps-stampservice.com
  • usps-shopusa.shop
  • usps-shop.shop
  • usps-pst.xyz
  • usps-postoffices.top
  • usps-post.world
  • usps-post.vip
  • usps-post.today
  • usps-mlpackage.com
  • usps-lookup.com
  • usps-find.com
  • usps-deliveryservice.icu
  • stamps-usps.online
  • gh-usps.shop
  • appusps.com
  • alter-usps.shop
Download all indicators here!

Attack Patterns

  • Sharefinder
  • IcedID
  • Cobalt Strike