IOC Radar
TLP:WHITE8 IOCs

Exposing Fox Tempest: A malware-signing service operation

MT
Microsoft Threat Intelligence
Published May 19, 2026Original Report

Threat Actors

Malware Families

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYAkiraMuddyWaterINFRASTRUCTUREsignspace.cloudCAPABILITYAkiraLummaRhysidaVICTIMunknown
Adversary(2)
Infrastructure(1)
Capability(4)
Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise8

TypeIndicatorConfidenceScoreFirst Seen
SHA1dc0acb01e3086ea8a9cb144a5f97810d291020ce
file-hashintel-blogmalware
Medium
53
Jun 2, 26
MD572f988bf86f141af91ab2d7cd011db47
file-hashintel-blogmalware
Medium
53
Jun 2, 26
SHA25611af4566539ad3224e968194c7a9ad7b596460d8f6e423fc62d1ea5fc0724326
file-hashintel-blogmalware
Medium
53
Jun 2, 26
Domainsignspace.cloud
intel-blogmalwarenetwork
High
58
Jun 2, 26
SHA256f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55
file-hashintel-blogmalware
Medium
53
Jun 2, 26
MD5870aef541453461c0a7208deb5fe4ca0
file-hashintel-blogmalware
Medium
53
Jun 2, 26
SHA17e6d9dac619c04ae1b3c8c0906123e752ed66d63
file-hashintel-blogmalware
Medium
53
Jun 2, 26
SHA256f0668ce925f36ff7f3359b0ea47e3fa243af13cd6ad9661dfccc9ff79fb4f1cc
file-hashintel-blogmalware
Medium
53
Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph8 total IOCs
SHA1MD5SHA256Domain
SHA2563SHA12MD52Domain1Actors2Malware4REPORTExposing Fox Tempest: A maAkiraMuddyWaterAkiraLummaRhysidaVidar
scroll to zoom · drag to pan · click IOC to open