← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Black Hole of Trust: SEO Poisoning in Silver Fox’s Space Odyssey
WHITE celestre 2025-12-22 Modified: 2026-01-21
56
IOCs
HIGH VOLUME
Zero Trust is often touted as the ultimate defence for organisations, yet even threat actors sometimes leave the door unlocked, creating the perfect opening for us to walk through. This publication presents our findings on an ongoing campaign orchestrated by Silver Fox, uncovered through an insecure web panel identified as part of our Threat Intelligence operations.
cloud hostingdomain alibabavalleyratfilename hashdomain linkip linkdomain tencent
Indicators of Compromise (56)
All domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
domain 3tiao.org 2025-12-22
domain aisi-i4.com 2025-12-22
domain ch-safew.com 2025-12-22
domain cn-safew.com 2025-12-22
domain cn-sigua.com 2025-12-22
domain fantalks.cc 2025-12-22
domain fantalks88.cc 2025-12-22
domain ivcduidnxudhwiucn.org 2025-12-22
domain khjxvc.top 2025-12-22
domain letsvpn-kl.org 2025-12-22
domain letsvpnm.com 2025-12-22
domain orayy.com 2025-12-22
domain oryz.com 2025-12-22
domain paopaoim.org 2025-12-22
domain potato-im.org 2025-12-22
domain safew-hk.com 2025-12-22
domain safew-web.org 2025-12-22
domain safew-zhe.com 2025-12-22
domain safew.love 2025-12-22
domain shurufa-sougou.org 2025-12-22
domain sigua-cn.icu 2025-12-22
domain sigua-zq.com 2025-12-22
domain sigua.im 2025-12-22
domain sigua.io 2025-12-22
domain sigua.tw 2025-12-22
domain snipaste-cn.com 2025-12-22
domain snipaste.net 2025-12-22
domain snipastesec.com 2025-12-22
domain snipastesis.com 2025-12-22
domain ssl3.space 2025-12-22
domain sunlogin-orayc.com 2025-12-22
domain telegramdld.com 2025-12-22
domain telegramk.org 2025-12-22
domain vpm-kl.com 2025-12-22
domain wps-excel.org 2025-12-22
domain youdao-fy.org 2025-12-22
domain zh-signal.com 2025-12-22
domain zh-snipaste.com 2025-12-22
hostname snipaste.naifeiplus.com 2025-12-22
hostname zh.snipaste.com 2025-12-22
FileHash-MD5 e33bc6389af5a3122ca5f17acdaa21cc MD5 of bd5a0f1715ebe8c6d3d3d2d6ea31b7e84cc9c6021610509292648fca2e942d7b 2025-12-22
FileHash-MD5 fbc1ad91d66044d37d982cc888b07681 MD5 of 18a80813682b7ccc7428ab56e8c882ebeba94ae43df8993bd46c541d77fde56f 2025-12-22
FileHash-SHA1 e781b06230c0f76c93fa40ac733be5f4efe9c302 SHA1 of bd5a0f1715ebe8c6d3d3d2d6ea31b7e84cc9c6021610509292648fca2e942d7b 2025-12-22
FileHash-SHA1 ecf8365d28a6565b1b1c5f5076302913da8c5aa0 SHA1 of 18a80813682b7ccc7428ab56e8c882ebeba94ae43df8993bd46c541d77fde56f 2025-12-22
FileHash-SHA256 18a80813682b7ccc7428ab56e8c882ebeba94ae43df8993bd46c541d77fde56f 2025-12-22
FileHash-SHA256 3aa43350f17fb366174c77894a893d4e8d24c3b0f302190c16c2f62d5ab890b4 2025-12-22
FileHash-SHA256 3c7ef5d15d9b5429cd615900e2e50235db3badff75f6b66afa32dabd5167be15 2025-12-22
FileHash-SHA256 3fb0fb8ec636e8ee47ad3b48827a5ffd9af39f0442bd5dd98ae9f659e3d65309 2025-12-22
FileHash-SHA256 40d69efcf04bb00c4411c1b8920bc35968e6b903f4f60c04b4e881e482672031 2025-12-22
FileHash-SHA256 5ee4e4c8fcc00ea45aec5dda8cba27c090d115e287b4784867e3ce6d21239466 2025-12-22
FileHash-SHA256 822097f90504a419dd3e10ef91308f83606f4a6c80c95b7be786fe90a01e620c 2025-12-22
FileHash-SHA256 ada97bc3f0c142f50f006e19bf7e1d5fc25089334c782f4de0979bb0a9da7e35 2025-12-22
FileHash-SHA256 bd0ef6fbc7188c9434111e071751a244b79ea3ff9eac558d60b5d28ee480d87f 2025-12-22
FileHash-SHA256 bd5a0f1715ebe8c6d3d3d2d6ea31b7e84cc9c6021610509292648fca2e942d7b 2025-12-22
FileHash-SHA256 be62dc844ab234da9a29c6ba05aad1f323d30d163dd88002ac22a26508421435 2025-12-22
FileHash-SHA256 f521e9a5cc0ab97b5b797e31bafdfe642aca95b4f8186ac6eb565d0395b0c430 2025-12-22
References (1)
↗ https://www.nccgroup.com/research-blog/black-hole-of-trust-seo-poisoning-in-silver-fox-s-space-odyssey/