PULSE NAME
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
WHITE Silver Fox AlienVault 2026-04-30 Modified: 2026-05-30
The Silver Fox threat group conducted phishing campaigns in December 2025 and January 2026, impersonating tax authorities in India and Russia. The malicious emails contained archives with a modified Rust-based RustSL loader that deployed the ValleyRAT backdoor. Over 1600 malicious emails targeted organizations across the industrial, consulting, retail, and transportation sectors. During the investigation, a previously undocumented Python-based backdoor named ABCDoor was discovered, active since late 2024. The attacks used multi-stage infection chains involving encrypted payloads, custom ValleyRAT modules, and various persistence mechanisms, including the Phantom Persistence technique. ABCDoor features remote control capabilities, screen broadcasting using ffmpeg, and file manipulation functions. The group employed sophisticated evasion techniques, including geofencing, string encryption, and mimicking legitimate VPN services.
Indicators of Compromise (144)