← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Silver Fox: The Only Tax Audit Where the Fine Print Installs Malware
WHITE Silver Fox PetrP.73 2026-03-27 Modified: 2026-03-27
119
IOCs
HIGH VOLUME
Silver Fox, a China-based intrusion set active since early 2022, has notably transitioned from primarily financially motivated attacks to a dual strategy involving both advanced persistent threat (APT) operations and traditional cybercrime. This evolution reflects a broader trend observed in 2025, where the distinctions between financially driven cybercrime and state-sponsored espionage have become increasingly ambiguous.
silver foxtaiwanvalleyratrmm toolsouth asiapython stealermalaysiachinaholdinghandsindiawinosindonesiagh0st ratblackmoonaugusttelegramaprilvirustotalfebruaryinstallermalwaregh0stpythonioc httpsarchive
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (3 / 119 total)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL https://xqwmwru.top/admin/login.php 2026-03-27
URL https://xqwmwru.top/upload_large.php 2026-03-27
URL https://xqwmwru.top/upload_status.php 2026-03-27
References (1)
↗ https://blog.sekoia.io/silver-fox-the-only-tax-audit-where-the-fine-print-installs-malware/