No Specific Campaign
Catch-all for isolated malicious packages that are not attributable to a tracked campaign.
discovered 2024-11-04
Packages
- npm: llm-oracle (attributed-to)
- npm: redis-oracle (attributed-to)
- npm: themes-vendor (attributed-to)
- npm: x509-escaping (attributed-to)
- npm: keycloak-server (attributed-to)
- npm: module-stub (attributed-to)
- npm: postject-copy (attributed-to)
- npm: micrometer-docs (attributed-to)
- npm: orbit-playroom (attributed-to)
- npm: weekendfe (attributed-to)
- npm: nyc-config (attributed-to)
- npm: slf4j-api-js (attributed-to)
- npm: express-cookie-parser (attributed-to)
- npm: tensorflowjs (attributed-to)
- npm: pino-sdk-v2 (attributed-to)
- npm: react-refresh-update (attributed-to)
- npm: axios (attributed-to)
- npm: express-session-js (attributed-to)
- npm: mgc (attributed-to)
- pypi: hermes-px (attributed-to)
- npm: @velora-dex/sdk (attributed-to)
- npm: forge-jsx (attributed-to)
- npm: @johntaohunter/forge-jsx (attributed-to)
- npm: js-logger-pack (attributed-to)
- npm: npm-global-util (attributed-to)
- npm: martinez-polygon-clipping-tony (attributed-to)
- npm: noon-contracts (attributed-to)
- npm: art-template (attributed-to)
Indicators
Techniques
- ttp: T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- ttp: T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- ttp: T1105 Ingress Tool Transfer (uses)
- ttp: T1036 Masquerading: package impersonation and typosquatting (uses)
- ttp: T1539 Steal Web Session Cookie (uses)
- ttp: T1102 Web Service (uses)
- ttp: T1552.001 Unsecured Credentials: Credentials In Files (uses)
- ttp: T1041 Exfiltration Over C2 Channel (uses)
- ttp: T1528 Steal Application Access Token (uses)
- ttp: T1071.001 Application Layer Protocol: Web Protocols (uses)
- ttp: T1546 Event Triggered Execution (uses)
- ttp: T1552.004 Unsecured Credentials: Private Keys (uses)
- ttp: T1059.006 Command and Scripting Interpreter: Python (uses)
- ttp: T1027 Obfuscated Files or Information (uses)
- ttp: T1203 Exploitation for Client Execution (uses)
