← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Trust the Tunnel, Get the Trojan: Silver Fox Delivers AtlasCross RAT via Weaponized VPN Installers
A multi-stage remote access trojan campaign is actively targeting Chinese-speaking users through a network of typosquatted domains impersonating trusted software brands. The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating brands including Surfshark VPN, Signal, Telegram, Zoom, Microsoft Teams, and others. All identified installer packages carry the same stolen Extended Validation code-signing certificate issued to a Vietnamese shell entity, lending them an appearance of legitimacy that bypasses both user suspicion and automated trust checks.
Indicators of Compromise (76)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| IPv4 | 61.111.250.139 | CC=KR ASN=AS4670 shinbiro | 2026-03-30 | |
| domain | bifa668.com | — | 2026-03-30 | |
| FileHash-MD5 | 0be4c354029913a663becc34060b58d9 | MD5 of 115a75d0ce595fc92f1acaa8b564c3f391325c34ddf34177c357a00306d6d216 | 2026-03-30 | |
| FileHash-MD5 | 1675c5090a3efc6c7906b9bc4dcb22cd | MD5 of 0896f5171a25ab6263598bb501d11413ffbbef05b168ff71b8d54ee9b81103b6 | 2026-03-30 | |
| FileHash-MD5 | 1c614c07fab2e6002ec90608bbffead5 | MD5 of 49ef5e6e6257d082073e000f9a0129f289ed715a288e19cc32344dc054c54ca6 | 2026-03-30 | |
| FileHash-MD5 | 33a76607e4003778518bcdaa806938de | MD5 of 3372ae716f20eedd3b7d77d08d7010e8424ca5cec781bde4fe3ec76d466cfe8f | 2026-03-30 | |
| FileHash-MD5 | 43c7f713f380f19dac6f447fb69bbd32 | MD5 of 49220c1046014c88720cceaf148ec83e3cd644e61fe339d1217f1a22ccf51614 | 2026-03-30 | |
| FileHash-MD5 | 4ff0aa6e1b1e133f6821ba5e32942492 | MD5 of e3f04545fb59d2943a4a30cd1b6fa39cb36e1e803301ab2ca5fad2bca84f04dd | 2026-03-30 | |
| FileHash-MD5 | 5f14e5ede8b5683cf8f6c3218b85c826 | MD5 of 42da0ad45bfe9b7f82247d780a32e128e0b00846fe76eea96250e3088f54909b | 2026-03-30 | |
| FileHash-MD5 | 68bb9a075e090be1d68918983b7f9f89 | MD5 of 5841ad433ab199bb784a4d33fd629101d22de6e44dce0606c08b92f8b4709380 | 2026-03-30 | |
| FileHash-MD5 | 737cfc6e40cd0d26c15845b4f1a06e83 | MD5 of d67545f666e89419c0ccd0346929b1906b46eb8b3cff2b94671c6d5755e81f3e | 2026-03-30 | |
| FileHash-MD5 | 7f0bd2e970d234abc4205215b6f78bfb | MD5 of 97f2b246627cc7afe3ed524b63a846e30ee37c81143493ab70c30ee0568dde86 | 2026-03-30 | |
| FileHash-MD5 | b743606cd24bde762efc94ac4cce72d9 | MD5 of fa5d3a9eebf9310148e7b980fefa7bc3f3a8e8ee7a8d0bd21a057c54c5a47560 | 2026-03-30 | |
| FileHash-MD5 | d92336172a96c7f034aa2b864ed2e43a | MD5 of a481befbec1d49041202331cdbf01a3e9cda8f714b8cbdfb52c676c7a5d7bdf7 | 2026-03-30 | |
| FileHash-SHA1 | 02f797dd78566fb7dd2885c5ffac8bdb31c36b72 | SHA1 of 5841ad433ab199bb784a4d33fd629101d22de6e44dce0606c08b92f8b4709380 | 2026-03-30 | |
| FileHash-SHA1 | 06361496d5ee5cf5b98c05a3331f09a34ca60824 | SHA1 of 49220c1046014c88720cceaf148ec83e3cd644e61fe339d1217f1a22ccf51614 | 2026-03-30 | |
| FileHash-SHA1 | 315b95f3e26f769c4933a28937639dbfe355898a | SHA1 of fa5d3a9eebf9310148e7b980fefa7bc3f3a8e8ee7a8d0bd21a057c54c5a47560 | 2026-03-30 | |
| FileHash-SHA1 | 3a0ac2d460a1801225b608ea28abb26eb40d76b4 | SHA1 of a481befbec1d49041202331cdbf01a3e9cda8f714b8cbdfb52c676c7a5d7bdf7 | 2026-03-30 | |
| FileHash-SHA1 | 481eb84956fc7e30f9e59a555cd8fc5cbbafab0b | SHA1 of d67545f666e89419c0ccd0346929b1906b46eb8b3cff2b94671c6d5755e81f3e | 2026-03-30 | |
| FileHash-SHA1 | 4887e9c33586bd0abf42fbda5df14a7f1d10d8f7 | SHA1 of 49ef5e6e6257d082073e000f9a0129f289ed715a288e19cc32344dc054c54ca6 | 2026-03-30 | |
| FileHash-SHA1 | 4ddd48c479aa49c737b9b369a3f22d458239618d | SHA1 of 0896f5171a25ab6263598bb501d11413ffbbef05b168ff71b8d54ee9b81103b6 | 2026-03-30 | |
| FileHash-SHA1 | 5326117dbd1926edb8e5a995867b3559466c26ca | SHA1 of e3f04545fb59d2943a4a30cd1b6fa39cb36e1e803301ab2ca5fad2bca84f04dd | 2026-03-30 | |
| FileHash-SHA1 | 75a83098823dd803769c76891b0d19e7d1eafb36 | SHA1 of 42da0ad45bfe9b7f82247d780a32e128e0b00846fe76eea96250e3088f54909b | 2026-03-30 | |
| FileHash-SHA1 | 9cfbeaff0b2c75459f371029826f157d916d25fb | SHA1 of 97f2b246627cc7afe3ed524b63a846e30ee37c81143493ab70c30ee0568dde86 | 2026-03-30 | |
| FileHash-SHA1 | ed1d4a48b5d70f6b10cd726c4901090b306c1f72 | SHA1 of 3372ae716f20eedd3b7d77d08d7010e8424ca5cec781bde4fe3ec76d466cfe8f | 2026-03-30 | |
| FileHash-SHA1 | ffa5f37f688c74b9e820ac2d7c8cf262b4e45fc4 | SHA1 of 115a75d0ce595fc92f1acaa8b564c3f391325c34ddf34177c357a00306d6d216 | 2026-03-30 | |
| FileHash-SHA256 | 0896f5171a25ab6263598bb501d11413ffbbef05b168ff71b8d54ee9b81103b6 | — | 2026-03-30 | |
| FileHash-SHA256 | 115a75d0ce595fc92f1acaa8b564c3f391325c34ddf34177c357a00306d6d216 | — | 2026-03-30 | |
| FileHash-SHA256 | 3372ae716f20eedd3b7d77d08d7010e8424ca5cec781bde4fe3ec76d466cfe8f | — | 2026-03-30 | |
| FileHash-SHA256 | 42da0ad45bfe9b7f82247d780a32e128e0b00846fe76eea96250e3088f54909b | — | 2026-03-30 | |
| FileHash-SHA256 | 49220c1046014c88720cceaf148ec83e3cd644e61fe339d1217f1a22ccf51614 | — | 2026-03-30 | |
| FileHash-SHA256 | 49ef5e6e6257d082073e000f9a0129f289ed715a288e19cc32344dc054c54ca6 | — | 2026-03-30 | |
| FileHash-SHA256 | 5841ad433ab199bb784a4d33fd629101d22de6e44dce0606c08b92f8b4709380 | — | 2026-03-30 | |
| FileHash-SHA256 | 97f2b246627cc7afe3ed524b63a846e30ee37c81143493ab70c30ee0568dde86 | — | 2026-03-30 | |
| FileHash-SHA256 | a481befbec1d49041202331cdbf01a3e9cda8f714b8cbdfb52c676c7a5d7bdf7 | — | 2026-03-30 | |
| FileHash-SHA256 | d67545f666e89419c0ccd0346929b1906b46eb8b3cff2b94671c6d5755e81f3e | — | 2026-03-30 | |
| FileHash-SHA256 | e3f04545fb59d2943a4a30cd1b6fa39cb36e1e803301ab2ca5fad2bca84f04dd | — | 2026-03-30 | |
| FileHash-SHA256 | fa5d3a9eebf9310148e7b980fefa7bc3f3a8e8ee7a8d0bd21a057c54c5a47560 | — | 2026-03-30 | |
| FileHash-MD5 | 012b7a20cd7acb5559312337896bfa87 | MD5 of fcc959730c9103d23975bbb41faf84a7f1dd75971f5baff9335bd9a346b0edee | 2026-03-30 | |
| FileHash-MD5 | 11e31f116e41953e1ef5dc0b7b468640 | MD5 of 817295bf52e243fb8632529133ccd04820d58352efca5928f34c7248c7f1932d | 2026-03-30 | |
| FileHash-MD5 | 286d668127cbecb2e49f63c2424a2976 | MD5 of e6d6cd85f12ee43cbd16d2da0dc49b023035b1c3fdf7e71b156bb760fdef8d5e | 2026-03-30 | |
| FileHash-MD5 | 5d84092f0a1bcbc486907115100052d5 | MD5 of 99c0e015c7b8d3df609b370ec3329be55c94797c92c24ec512f6546acdf1e246 | 2026-03-30 | |
| FileHash-MD5 | 7c45098613f53b3c54ff047ce364e391 | MD5 of 02401a2f2de8de15f00d637e555512fe3138c23e24ea1878f2cf2f647cf40b30 | 2026-03-30 | |
| FileHash-MD5 | b04b3bc25acc9a22a1979db013284bbb | MD5 of 797e1b6b5c37fec6c7a4629ca2f60b922f2212cf11946ecc23b0ca2faf8e3b99 | 2026-03-30 | |
| FileHash-MD5 | bea7f7c2b75d03bf9122cf7ed14fedba | MD5 of 1ad1f7d11bb1e6183ce20403ede42e65dba17a6ab660883ea1446ad331d69302 | 2026-03-30 | |
| FileHash-MD5 | f833a040c9c4740e97df547f1951cf9a | MD5 of 8009908c6c76a72e20e4020a9f9eb9e4d4203507f67a624ecf7f4ed672cf4b68 | 2026-03-30 | |
| FileHash-SHA1 | 3e623d7e7cec696eb633c150fa5db61b1d5f0527 | SHA1 of 8009908c6c76a72e20e4020a9f9eb9e4d4203507f67a624ecf7f4ed672cf4b68 | 2026-03-30 | |
| FileHash-SHA1 | 56bf896f4b757253302056ff829422a1da25d413 | SHA1 of e6d6cd85f12ee43cbd16d2da0dc49b023035b1c3fdf7e71b156bb760fdef8d5e | 2026-03-30 | |
| FileHash-SHA1 | 5e107d7d66ccbad3b9a0b0e3d04a58b01a9b1a17 | SHA1 of 02401a2f2de8de15f00d637e555512fe3138c23e24ea1878f2cf2f647cf40b30 | 2026-03-30 | |
| FileHash-SHA1 | a363769c1e45118364889990a87bf3f4dbb01852 | SHA1 of 817295bf52e243fb8632529133ccd04820d58352efca5928f34c7248c7f1932d | 2026-03-30 | |
| FileHash-SHA1 | a96054a63f17b2fa1b11a70c1592db6334ffc2e5 | SHA1 of fcc959730c9103d23975bbb41faf84a7f1dd75971f5baff9335bd9a346b0edee | 2026-03-30 | |
| FileHash-SHA1 | b588c8bcd1aceb781fbc9e5f209ead938f4ddc74 | SHA1 of 1ad1f7d11bb1e6183ce20403ede42e65dba17a6ab660883ea1446ad331d69302 | 2026-03-30 | |
| FileHash-SHA1 | ba8c715943dcf6fdc20ef62516968850b5c07189 | SHA1 of 797e1b6b5c37fec6c7a4629ca2f60b922f2212cf11946ecc23b0ca2faf8e3b99 | 2026-03-30 | |
| FileHash-SHA1 | c355e35f793fced13222fcc76852030ea0b931a5 | SHA1 of 99c0e015c7b8d3df609b370ec3329be55c94797c92c24ec512f6546acdf1e246 | 2026-03-30 | |
| FileHash-SHA256 | 02401a2f2de8de15f00d637e555512fe3138c23e24ea1878f2cf2f647cf40b30 | — | 2026-03-30 | |
| FileHash-SHA256 | 1ad1f7d11bb1e6183ce20403ede42e65dba17a6ab660883ea1446ad331d69302 | — | 2026-03-30 | |
| FileHash-SHA256 | 797e1b6b5c37fec6c7a4629ca2f60b922f2212cf11946ecc23b0ca2faf8e3b99 | — | 2026-03-30 | |
| FileHash-SHA256 | 8009908c6c76a72e20e4020a9f9eb9e4d4203507f67a624ecf7f4ed672cf4b68 | — | 2026-03-30 | |
| FileHash-SHA256 | 817295bf52e243fb8632529133ccd04820d58352efca5928f34c7248c7f1932d | — | 2026-03-30 | |
| FileHash-SHA256 | 8cecb015075094fe42d613a371480ba5f5813c931eb48eb7b893dac835172b37 | — | 2026-03-30 | |
| FileHash-SHA256 | 99c0e015c7b8d3df609b370ec3329be55c94797c92c24ec512f6546acdf1e246 | — | 2026-03-30 | |
| FileHash-SHA256 | e6d6cd85f12ee43cbd16d2da0dc49b023035b1c3fdf7e71b156bb760fdef8d5e | — | 2026-03-30 | |
| FileHash-SHA256 | fcc959730c9103d23975bbb41faf84a7f1dd75971f5baff9335bd9a346b0edee | — | 2026-03-30 | |
| domain | app-zoom.com | — | 2026-03-30 | |
| domain | eyy-eyy.com | — | 2026-03-30 | |
| domain | kefubao-pc.com | — | 2026-03-30 | |
| domain | quickq-quickq.com | — | 2026-03-30 | |
| domain | signal-signal.com | — | 2026-03-30 | |
| domain | telegrtam.com.cn | — | 2026-03-30 | |
| domain | trezor-trezor.com | — | 2026-03-30 | |
| domain | ultraviewer-cn.com | — | 2026-03-30 | |
| domain | wwtalk-app.com | — | 2026-03-30 | |
| domain | www-surfshark.com | — | 2026-03-30 | |
| domain | www-teams.com | — | 2026-03-30 | |
| hostname | a.share-dns.com | — | 2026-03-30 | |
| hostname | b.share-dns.net | — | 2026-03-30 |