Threat Intelligence on Kemetmüllerhttps://xn--kemetmller-feb.com/tags/threat-intelligence/Recent content in Threat Intelligence on KemetmüllerHugo -- gohugo.ioen© 2026 Christoph Kemetmüller2025 Top 20 Chinese Cybersecurity Enterpriseshttps://xn--kemetmller-feb.com/blog/2025-top-20-chinese-cybersecurity-enterprises/Wed, 11 Feb 2026 22:43:03 +0100https://xn--kemetmller-feb.com/blog/2025-top-20-chinese-cybersecurity-enterprises/<h2 class="relative group">Introduction <div id="introduction" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#introduction" aria-label="Anchor">#</a> </span> </h2> <p>On December 29, 2025, the <a href="https://www.isc.org.cn/article/27460980540829696.html" target="_blank" rel="noreferrer">Internet Society of China</a> (中国互联网协会, ISC — an industry association affiliated with MIIT) published the <em>China Internet Enterprise Comprehensive Strength Index (2025)</em>. Buried in <a href="https://www.isc.org.cn//profile//2025/12/29/f531871d-ded7-4502-bb26-6d829f12707a.pdf" target="_blank" rel="noreferrer">Appendix 3</a> of the 39-page report is the <strong>2025 Top 20 Chinese Cybersecurity Enterprises (2025年中国网络安全前二十家企业)</strong> — the officially sanctioned, publicly celebrated face of Chinese cybersec.</p>Anatomy of the One Fox Toolkithttps://xn--kemetmller-feb.com/blog/anatomy-of-the-one-fox-toolkit/Wed, 11 Feb 2026 21:25:10 +0100https://xn--kemetmller-feb.com/blog/anatomy-of-the-one-fox-toolkit/<h2 class="relative group">Introduction <div id="introduction" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#introduction" aria-label="Anchor">#</a> </span> </h2> <p>When EclecticIQ analyzed a 2023 Cobalt Strike intrusion<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup> at Taiwan&rsquo;s Directorate General of Highways (MOTC), the most useful artifact wasn&rsquo;t the malware. It was a filesystem path leaked in the C2 logs:</p> <div class="highlight-wrapper"><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">C:\Users\Test\Desktop\ONE-FOX集成工具箱_V1.0魔改版_by狐狸\gui_other\Cobalt_Strike_4.5\plugin\TaoWu\script\lazagne.exe</span></span></code></pre></div></div>