← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Silver Fox: The Only Tax Audit Where the Fine Print Installs Malware
WHITE Silver Fox PetrP.73 2026-03-27 Modified: 2026-03-27
119
IOCs
HIGH VOLUME
Silver Fox, a China-based intrusion set active since early 2022, has notably transitioned from primarily financially motivated attacks to a dual strategy involving both advanced persistent threat (APT) operations and traditional cybercrime. This evolution reflects a broader trend observed in 2025, where the distinctions between financially driven cybercrime and state-sponsored espionage have become increasingly ambiguous.
silver foxtaiwanvalleyratrmm toolsouth asiapython stealermalaysiachinaholdinghandsindiawinosindonesiagh0st ratblackmoonaugusttelegramaprilvirustotalfebruaryinstallermalwaregh0stpythonioc httpsarchive
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (5 / 119 total)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 2ee0081ca90250bbfc28f4d20a6f8602 MD5 of eb4a53145734d1ef612897337b1fc3375209598c427590731bb87de3bd8f9bb0 2026-03-27
FileHash-MD5 45600147f2850ba180b384aba23f6999 MD5 of 18cb036bcc7aacf7393575ddf15133e24d3a22cc92a4b14e8595686e4bf80629 2026-03-27
FileHash-MD5 5e24c58eb15249f7d4d087f66dd1ce02 MD5 of e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc 2026-03-27
FileHash-MD5 de502aa3e2c0e43038dbc3d1b6e33bd2 MD5 of 316cbc90ad71a421e571b529af2dee40f901b15b4bc549836c25f1be35597249 2026-03-27
FileHash-MD5 ee8679f98b3bd0689ca21d70a5cc55e5 MD5 of 249d2d1d6cfcf34d48ac0465ede688759a3c90b7412723373ea5a434d6d64c9c 2026-03-27
References (1)
↗ https://blog.sekoia.io/silver-fox-the-only-tax-audit-where-the-fine-print-installs-malware/