Trusted Design

The Postal Group

概要

The Postal Group is active since at least 2013 and was responsible for multiple different malware campaigns in multiple different countries. Their main infection vector is phishing e-mails, which are designed to resemble tracking e-mails from different post offices around the world. This includes,among others, Poland, Australia, United Kingdom and Spain. This report aims to uncover at least some undertakings of that group and to connect different attacks across the globe.

Created: 2026-02-23

Indicators

類似Pulses

MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS (score: 0.68)
Tracing Pony’s Threat Cycle and Multi-Stage Infection Chain (score: 0.64)
THL 2016-01-26: Parcel Tracking | Track and Trace Your EMS Post (score: 0.63)
Operation DustySky (score: 0.63)
THL 2015-11-23: UKMail 988271023 tracking information (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 28.97

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1560.003 - Archive via Custom Method
T1578 - Modify Cloud Compute Infrastructure
T1566.002 - Spearphishing Link
T1583.001 - Domains
T1552.003 - Shell History
T1030 - Data Transfer Size Limits
T1197 - BITS Jobs
T1548.006 - TCC Manipulation

MITREへのリンク →

FIN4

Score: 9.12

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1204.003 - Malicious Image

MITREへのリンク →

APT41

Score: 9.53

Matched TTPs:

T1560.003 - Archive via Custom Method
T1598.003 - Spearphishing Link
T1030 - Data Transfer Size Limits
T1548.006 - TCC Manipulation

MITREへのリンク →

TA505

Score: 5.61

Matched TTPs:

T1560.003 - Archive via Custom Method
T1543.003 - Windows Service
T1598.003 - Spearphishing Link

MITREへのリンク →

Volt Typhoon

Score: 8.15

Matched TTPs:

T1560.003 - Archive via Custom Method
T1134.002 - Create Process with Token
T1548.006 - TCC Manipulation

MITREへのリンク →

APT3

Score: 4.73

Matched TTPs:

T1560.003 - Archive via Custom Method
T1543.003 - Windows Service

MITREへのリンク →

FIN13

Score: 8.15

Matched TTPs:

T1560.003 - Archive via Custom Method
T1552.003 - Shell History
T1548.006 - TCC Manipulation

MITREへのリンク →

Ember Bear

Score: 3.62

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure

MITREへのリンク →

Silent Librarian

Score: 10.89

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1566.002 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token

MITREへのリンク →

Magic Hound

Score: 20.19

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1204.003 - Malicious Image
T1547.008 - LSASS Driver

MITREへのリンク →

Kimsuky

Score: 30.49

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1131 - Authentication Package
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall
T1204.003 - Malicious Image
T1030 - Data Transfer Size Limits
T1197 - BITS Jobs

MITREへのリンク →

Sidewinder

Score: 8.40

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1657 - Financial Theft

MITREへのリンク →

Sandworm Team

Score: 11.93

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1548.006 - TCC Manipulation

MITREへのリンク →

Mustang Panda

Score: 16.21

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1183 - Image File Execution Options Injection
T1055.005 - Thread Local Storage
T1548.006 - TCC Manipulation

MITREへのリンク →

APT32

Score: 10.59

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1131 - Authentication Package
T1134.002 - Create Process with Token

MITREへのリンク →

APT1

Score: 7.27

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1204.003 - Malicious Image

MITREへのリンク →

Lazarus Group

Score: 13.79

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver

MITREへのリンク →

Leviathan

Score: 7.27

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1183 - Image File Execution Options Injection

MITREへのリンク →

APT33

Score: 6.45

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1567.001 - Exfiltration to Code Repository

MITREへのリンク →

ZIRCONIUM

Score: 7.34

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1197 - BITS Jobs

MITREへのリンク →

EXOTIC LILY

Score: 9.65

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 7.51

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1547.008 - LSASS Driver

MITREへのリンク →

Windshift

Score: 4.84

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1547.008 - LSASS Driver

MITREへのリンク →

APT29

Score: 10.18

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1204.003 - Malicious Image
T1547.008 - LSASS Driver

MITREへのリンク →

Storm-1811

Score: 11.54

Matched TTPs:

T1543.003 - Windows Service
T1567.003 - Exfiltration to Text Storage Sites
T1030 - Data Transfer Size Limits
T1547.008 - LSASS Driver

MITREへのリンク →

Turla

Score: 4.73

Matched TTPs:

T1543.003 - Windows Service
T1131 - Authentication Package

MITREへのリンク →

Wizard Spider

Score: 11.08

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1567.001 - Exfiltration to Code Repository
T1548.006 - TCC Manipulation

MITREへのリンク →

TA577

Score: 4.11

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol

MITREへのリンク →

Patchwork

Score: 4.78

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link

MITREへのリンク →

APT42

Score: 10.90

Matched TTPs:

T1543.003 - Windows Service
T1583.001 - Domains
T1183 - Image File Execution Options Injection
T1030 - Data Transfer Size Limits

MITREへのリンク →

APT28

Score: 26.81

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1131 - Authentication Package
T1204.003 - Malicious Image
T1197 - BITS Jobs
T1146 - Clear Command History
T1588.003 - Code Signing Certificates
T1548.006 - TCC Manipulation

MITREへのリンク →

Star Blizzard

Score: 14.57

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1183 - Image File Execution Options Injection
T1657 - Financial Theft
T1204.003 - Malicious Image

MITREへのリンク →

Moonstone Sleet

Score: 14.11

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1197 - BITS Jobs
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 8.14

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 11.96

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1657 - Financial Theft
T1204.003 - Malicious Image
T1548.006 - TCC Manipulation

MITREへのリンク →

Saint Bear

Score: 6.43

Matched TTPs:

T1598.003 - Spearphishing Link
T1134.002 - Create Process with Token
T1030 - Data Transfer Size Limits

MITREへのリンク →

FIN6

Score: 5.74

Matched TTPs:

T1598.003 - Spearphishing Link
T1548.006 - TCC Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

menuPass

Score: 3.22

Matched TTPs:

T1598.003 - Spearphishing Link
T1548.006 - TCC Manipulation

MITREへのリンク →

Ajax Security Team

Score: 3.40

Matched TTPs:

T1598.003 - Spearphishing Link
T1547.008 - LSASS Driver

MITREへのリンク →

TA551

Score: 3.40

Matched TTPs:

T1598.003 - Spearphishing Link
T1134.002 - Create Process with Token

MITREへのリンク →

Malteiro

Score: 3.40

Matched TTPs:

T1598.003 - Spearphishing Link
T1552.003 - Shell History

MITREへのリンク →

SideCopy

Score: 4.50

Matched TTPs:

T1598.003 - Spearphishing Link
T1657 - Financial Theft

MITREへのリンク →

IndigoZebra

Score: 3.54

Matched TTPs:

T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol

MITREへのリンク →

HEXANE

Score: 7.48

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token

MITREへのリンク →

LAPSUS$

Score: 10.56

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1134.002 - Create Process with Token
T1030 - Data Transfer Size Limits
T1548.006 - TCC Manipulation

MITREへのリンク →

SilverTerrier

Score: 5.81

Matched TTPs:

T1131 - Authentication Package
T1552.003 - Shell History

MITREへのリンク →

Contagious Interview

Score: 13.65

Matched TTPs:

T1131 - Authentication Package
T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1030 - Data Transfer Size Limits
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 7.15

Matched TTPs:

T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1548.006 - TCC Manipulation

MITREへのリンク →

HAFNIUM

Score: 7.53

Matched TTPs:

T1134.002 - Create Process with Token
T1204.003 - Malicious Image
T1548.006 - TCC Manipulation

MITREへのリンク →

INC Ransom

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Sea Turtle

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Axiom

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Ke3chang

Score: 5.01

Matched TTPs:

T1204.003 - Malicious Image
T1548.006 - TCC Manipulation

MITREへのリンク →

Chimera

Score: 5.01

Matched TTPs:

T1204.003 - Malicious Image
T1548.006 - TCC Manipulation

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.81

Matched TTPs:

T1543.003 - Windows Service
T1183 - Image File Execution Options Injection
T1024 - Custom Cryptographic Protocol
T1566.002 - Spearphishing Link
T1030 - Data Transfer Size Limits
T1598.003 - Spearphishing Link
T1197 - BITS Jobs
T1131 - Authentication Package
T1552.003 - Shell History
T1134.002 - Create Process with Token
T1204.003 - Malicious Image
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Scattered Spider

Score: 0.79

Matched TTPs:

T1548.006 - TCC Manipulation
T1560.003 - Archive via Custom Method
T1566.002 - Spearphishing Link
T1030 - Data Transfer Size Limits
T1197 - BITS Jobs
T1666 - Modify Cloud Resource Hierarchy
T1552.003 - Shell History
T1578 - Modify Cloud Compute Infrastructure
T1583.001 - Domains

MITREへのリンク →

APT28

Score: 0.73

Matched TTPs:

T1548.006 - TCC Manipulation
T1024 - Custom Cryptographic Protocol
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1197 - BITS Jobs
T1131 - Authentication Package
T1146 - Clear Command History
T1588.003 - Code Signing Certificates
T1204.003 - Malicious Image

MITREへのリンク →

Magic Hound

Score: 0.59

Matched TTPs:

T1543.003 - Windows Service
T1134.002 - Create Process with Token
T1183 - Image File Execution Options Injection
T1024 - Custom Cryptographic Protocol
T1566.002 - Spearphishing Link
T1547.008 - LSASS Driver
T1578 - Modify Cloud Compute Infrastructure
T1204.003 - Malicious Image

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る