Malwarebox public intelligence surface

IIM Feeds for adversary infrastructure chains.

Published IIM chains from MANTIS, shaped for humans first: browse actor infrastructure, compare role flows, open evidence, and export the canonical JSON when you need the raw model.

Explore published chains Tracked actors Open feed API

confirmed12

likely5

tentative0

needs review6

IIM Atlas Board

Role matrix of the published feed

10 chains per page, each row opens the full chain view

chain	actor	conf	entry	redirector	staging	payload	c2	edges	published
`silver-fox-abcdoor-2026-04-30` Silver Fox tax-themed RustSL to ValleyRAT and ABCDoor chain	Silver Fox	likely	1 tax-themed phishing email attachmen...	1 attacker-controlled external downlo...	5 tax-related malicious archive	3 ValleyRAT Login module / Winos 4.0 payload	1 207.56.138.28	11e / 11r	2026-05-27 12:03:50

Showing 1–1 of 1 matching chains

Page 1 of 1. Showing 1–1 of 1 matching chains, 17 total.

Technique pressure

top observed IIM techniques

IIM-T024

8 IIM-T002

7 IIM-T006

7 IIM-T011

7 IIM-T019

6 IIM-T010

5 IIM-T013

3 IIM-T020

3 IIM-T021

3 IIM-T001

3 IIM-T018

3 IIM-T026

Actor surface

published chain attribution

UAT-83024 UAC-00573 Webworm2 Glassworm1 MB-00011 UAT-100271 UAT-103621 unknown1 Silver Fox1 MB-00061 MB-00051

silver-fox-abcdoor-2026-04-30

Silver Fox tax-themed RustSL to ValleyRAT and ABCDoor chain

likely

Observed Silver Fox campaign using tax-themed delivery to distribute a customized RustSL loader, ValleyRAT, custom ValleyRAT modules and the ABCDoor Python backdoor. The chain models only infrastructure and delivery composition aspects; endpoint persistence and execution details are kept in ATT&CK annotations or notes.

entry → redirector → staging → staging → staging → payload → c2

Silver Fox 11 entities 11 relations 2026-05-27 12:03:50

IIM-T019 IIM-T024

Open chain analysis↗