Plan
active
MODBEACON RAT Uses gRPC C2; Linked to China's Silver Fox Group
- Engineer — Learn: gRPC-based C2 may evade TLS inspection tuned for HTTP/2 REST traffic; review whether your egress controls decode and inspect gRPC streams.
- SOC/IR — Plan: Build or tune detections for outbound gRPC streaming to novel external endpoints; Silver Fox distributes via SEO-poisoned counterfeit installers, so hunt for unexpected Rust-compiled binaries in user-facing application paths.
- Leader — Learn: Adds to the picture of China-linked actors targeting enterprise software supply chains via SEO poisoning; useful context for board-level threat landscape briefings but no immediate action required.
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.