
Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack

· Published 10/12/2025 17:22 · Modified 21/12/2025 18:58


Essential information

Tags: 2025-12-10, apt, china, espionage, false flag, financial fraud, microsoft teams, seo poisoning, valleyrat
Related entities: 37 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware, 20 others

Description

The Chinese group Silver Fox has launched an SEO poisoning campaign targeting Chinese-speaking users, impersonating Microsoft Teams. The campaign uses a modified loader with Cyrillic elements to mislead attribution. Silver Fox aims to conduct espionage and financial fraud, posing a significant threat due to its dual mission. The attack chain involves a fake Teams website, malicious ZIP files, and binary data retrieval from XML and JSON files. The malware abuses rundll32.exe for binary proxy execution and establishes C2 communication. Attribution to Silver Fox is based on overlapping infrastructure and links to previous campaigns. Organizations with global operations, especially in China, are advised to implement robust security measures and logging capabilities to defend against this evolving threat.

External references