Introduction
When EclecticIQ analyzed a 2023 Cobalt Strike intrusion [1] at Taiwan’s Directorate General of Highways (MOTC), the most useful artifact wasn’t the malware. It was a filesystem path leaked in the C2 logs:
C:\Users\Test\Desktop\ONE-FOX集成工具箱_V1.0魔改版_by狐狸\gui_other\Cobalt_Strike_4.5\plugin\TaoWu\script\lazagne.exe

One string, six facts: which toolkit version was being run, who modded it (“by 狐狸” — Fox), what was bundled inside, which plugin pack was loaded, which credential-dumper was being pushed to the victim (LaZagne), and that the operator was running the whole thing from a desktop user account literally named Test.
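The six facts above can be pulled out mechanically, which is useful when the same kind of path turns up in your own telemetry. The following Python is an added example, not code from the original post or from EclecticIQ: it decomposes a Windows path into account, toolkit name/version/modder, bundled components, plugin and leaf tool, and runs that over a couple of constructed log lines. The log line format (`<timestamp> <pid> <path>`), the watchlist and the generic-account list are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample log lines in an assumed "<timestamp> <pid> <path>" format.
# The first path is the one quoted in the EclecticIQ write-up; the second is benign filler.
SAMPLE_LOG = [
    r"2023-02-09T08:51:43Z 4120 C:\Users\Test\Desktop\ONE-FOX集成工具箱_V1.0魔改版_by狐狸\gui_other\Cobalt_Strike_4.5\plugin\TaoWu\script\lazagne.exe",
    r"2023-02-09T08:52:10Z 4120 C:\Windows\System32\cmd.exe",
]

# Constructed watchlist of leaf filenames worth flagging; extend from your own telemetry.
WATCHLIST = {"lazagne.exe": "credential dumper (LaZagne)"}

# Constructed list of throwaway / generic account names (the "Test" signal in the post).
GENERIC_ACCOUNTS = {"test", "admin", "administrator", "user"}

VERSION_RE = re.compile(r"_V(\d+(?:\.\d+)*)", re.IGNORECASE)     # "_V1.0" style toolkit tag
MODDER_RE = re.compile(r"_by(.+?)$")                              # "_by<name>" suffix
BUNDLED_RE = re.compile(r"^([A-Za-z][A-Za-z_-]*?)_(\d+(?:\.\d+)*)$")  # "Cobalt_Strike_4.5"
LOG_RE = re.compile(r"^(\S+)\s+(\d+)\s+(.*)$")


@dataclass
class PathFacts:
    user: Optional[str] = None
    generic_account: bool = False
    toolkit: Optional[str] = None
    toolkit_version: Optional[str] = None
    modded_by: Optional[str] = None
    bundled: list = field(default_factory=list)  # (name, version) pairs
    plugin: Optional[str] = None
    tool: Optional[str] = None
    tool_note: Optional[str] = None


def parse_path(path: str) -> PathFacts:
    """Decompose a Windows path into the triage facts discussed in the post."""
    facts = PathFacts()
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    lower = [p.lower() for p in parts]

    # Which account the operator ran from, and whether it is a generic/throwaway one.
    if "users" in lower:
        i = lower.index("users")
        if i + 1 < len(parts):
            facts.user = parts[i + 1]
            facts.generic_account = facts.user.lower() in GENERIC_ACCOUNTS

    # Toolkit name, version and modder: first segment carrying a "_V<ver>" tag.
    for p in parts:
        m = VERSION_RE.search(p)
        if m:
            facts.toolkit = p[: m.start()]
            facts.toolkit_version = m.group(1)
            mm = MODDER_RE.search(p)
            if mm:
                facts.modded_by = mm.group(1)
            break

    # Bundled components named "<Name>_<version>" (e.g. Cobalt_Strike_4.5).
    for p in parts:
        m = BUNDLED_RE.match(p)
        if m:
            facts.bundled.append((m.group(1), m.group(2)))

    # Plugin pack: the segment directly under a "plugin" directory.
    if "plugin" in lower:
        i = lower.index("plugin")
        if i + 1 < len(parts):
            facts.plugin = parts[i + 1]

    # Leaf tool and any watchlist annotation.
    if parts and "." in parts[-1]:
        facts.tool = parts[-1]
        facts.tool_note = WATCHLIST.get(facts.tool.lower())
    return facts


def triage(lines):
    """Parse each log line; keep only entries that carry a toolkit tag or a watchlisted tool."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, pid, path = m.groups()
        facts = parse_path(path)
        if facts.toolkit or facts.tool_note:
            hits.append({"ts": ts, "pid": int(pid), "facts": facts})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["ts"], hit["pid"], hit["facts"])
```

The parser keys on structural conventions (a `_V<ver>` directory tag, a `_by<name>` suffix, a `plugin\<pack>` layout, a `<Name>_<version>` bundle directory) rather than on any one toolkit name, so it generalizes to other self-labelled kits of the same shape; the watchlist and account list are where you would plug in your own indicators.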
The toolkit is from a Chinese red-team collective called the One Fox Security Team (一只狐狸安全团队). Their GitHub repo [2] — 1.4k stars, MIT-licensed — is almost empty: a README, a LICENSE, a single PNG. The actual distributables live on Baidu Pan and Quark Pan, gated behind the group’s WeChat OA 狐狸说安全 (“Fox Says Security”). GitHub is the billboard; WeChat is the storefront.
What’s actually in the kit
The flagship is the 天狐渗透工具箱-社区版 (“Heavenly Fox” Community Edition penetration toolkit), currently at V3.0 [3] (January 2026). It’s a Python GUI launcher that chains and orchestrates a curated set of mostly-public tools. By the group’s own taxonomy:
- Web exploitation — Godzilla v4.0.1 (AES-encrypted C2 webshell), Behinder/冰蝎, AntSword/中国蚁剑, Fscan, NacosExploitGUI, plus dedicated framework exploit packs for Spring, Struts2, WebLogic, and JBoss. Dozens of scanners target Chinese OA platforms specifically (致远 OA, 通达 OA, 用友, 金蝶).
- Reconnaissance — directory brute-forcers, a hosted FOFA front-end on one-fox.cn, and Burp plugins (Domain Hunter Pro, OneScan).
- Evasion — FoxBypass V1.0, a “separated AV-evasion loader” (split-payload pattern).
- Post-exploitation — CACM for Linux post-ex and persistence, plus the TaoWu Cobalt Strike plugin pack (the same one that appeared in the Taiwan logs).
- Blue-team — an Emergency Response Toolkit. The same group ships both halves of the engagement.
Where the kit sits
One Fox is not a KnownSec or i-Soon. Those were involuntary contractor leaks — state-aligned tradecraft, target lists, and bespoke implants like ShadowPad. One Fox is voluntary, open publication by an HVV-oriented red team. The V1.2 release ships with the tagline [4] “助力HVV季” — supporting HVV season, China’s coordinated state-and-enterprise red/blue exercises.
NetAskari, who reviewed a comparable Chinese pen-tester’s kit [5] with substantial overlap with the One Fox bundle, was careful about what the artifacts did and didn’t reveal:
we have no evidence or signs to assume that the person is working for the Chinese state or is affiliated in any way in APT activity
A normal pen-tester’s kit, and you can find similar ones everywhere.
That’s the calibration. The KnownSec leak shows what gets built at the top of the Chinese offensive pyramid — bespoke implants targeting Western governments. The One Fox repo shows what gets handed out at the bottom — the commodity, community-tier layer that feeds upward into contractor work and HVV competition teams. The Taiwan incident is what happens when something from that bottom layer ends up on a desktop pointed at real critical infrastructure: a CCTV-access compromise at 08:51:43 UTC on February 9, 2023, launched from C:\Users\Test\Desktop\.
[1] EclecticIQ, “Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure.” https://blog.eclecticiq.com/chinese-threat-actor-used-modified-cobalt-strike-variant-to-attack-taiwanese-critical-infrastructure
[2] One-Fox-Security-Team, One-Fox-T00ls (GitHub). https://github.com/One-Fox-Security-Team/One-Fox-T00ls
[3] cn-sec.com, 天狐渗透工具箱-社区版V3.0发布 (January 2026 release notes). https://cn-sec.com/archives/4875794.html
[4] cn-sec.com, 天狐渗透工具箱-社区版V1.2正式发布 (HVV-season tagline). https://cn-sec.com/archives/3772934.html
[5] NetAskari, What’s in the Box!? (Substack). https://netaskari.substack.com/p/whats-in-the-box