Black Hole of Trust: SEO Poisoning in Silver Fox's Space Odyssey
Silver Fox, an advanced persistent threat (APT) group based in China, has been active since its emergence in 2022, with significant operations documented through 2024. The group's tactics, techniques, and procedures (TTPs) notably include SEO poisoning to direct users to malicious domains masquerading as legitimate applications, such as Microsoft Teams. This campaign was partially uncovered through an exposed link management panel that is believed to facilitate the tracking of download activity for backdoor installer applications.