{"campaign":{"name":"No Specific Campaign","slug":"no-specific-campaign","href":"/ti/campaigns/no-specific-campaign","description":"Catch-all for isolated malicious packages that are not attributable to a tracked campaign.","aliases":[],"discovered_at":"2024-11-04"},"packages":[{"ecosystem":"npm","name":"llm-oracle","href":"/ti/packages/npm/llm-oracle","threat_types":["other"],"versions":["1.0.2"]},{"ecosystem":"npm","name":"redis-oracle","href":"/ti/packages/npm/redis-oracle","threat_types":["other"],"versions":["0.0.0"]},{"ecosystem":"npm","name":"themes-vendor","href":"/ti/packages/npm/themes-vendor","threat_types":["typosquat"],"versions":["0.0.1","0.0.0"]},{"ecosystem":"npm","name":"x509-escaping","href":"/ti/packages/npm/x509-escaping","threat_types":["typosquat"],"versions":["0.0.1","0.0.0"]},{"ecosystem":"npm","name":"keycloak-server","href":"/ti/packages/npm/keycloak-server","threat_types":["typosquat"],"versions":["0.0.1","0.0.3"]},{"ecosystem":"npm","name":"module-stub","href":"/ti/packages/npm/module-stub","threat_types":["typosquat"],"versions":["0.0.1"]},{"ecosystem":"npm","name":"postject-copy","href":"/ti/packages/npm/postject-copy","threat_types":["typosquat"],"versions":["0.0.0"]},{"ecosystem":"npm","name":"micrometer-docs","href":"/ti/packages/npm/micrometer-docs","threat_types":["typosquat"],"versions":["0.0.3"]},{"ecosystem":"npm","name":"orbit-playroom","href":"/ti/packages/npm/orbit-playroom","threat_types":["typosquat"],"versions":["0.0.0"]},{"ecosystem":"npm","name":"weekendfe","href":"/ti/packages/npm/weekendfe","threat_types":["typosquat"],"versions":["0.0.1"]},{"ecosystem":"npm","name":"nyc-config","href":"/ti/packages/npm/nyc-config","threat_types":["typosquat"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"slf4j-api-js","href":"/ti/packages/npm/slf4j-api-js","threat_types":["typosquat"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"express-cookie-parser","href":"/ti/packages/npm/express-cookie-parser","threat_types":["typosquat"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"tensorflowjs","href":"/ti/packages/npm/tensorflowjs","threat_types":["typosquat"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"pino-sdk-v2","href":"/ti/packages/npm/pino-sdk-v2","threat_types":["credential_stealer","data_exfiltration","typosquat"],"versions":["9.9.0"]},{"ecosystem":"npm","name":"react-refresh-update","href":"/ti/packages/npm/react-refresh-update","threat_types":["credential_stealer","data_exfiltration","typosquat"],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","2.0.5"]},{"ecosystem":"npm","name":"axios","href":"/ti/packages/npm/axios","threat_types":["rat","persistence"],"versions":["1.8.2"]},{"ecosystem":"npm","name":"express-session-js","href":"/ti/packages/npm/express-session-js","threat_types":["rat","credential_stealer","crypto_drainer","data_exfiltration","c2_agent"],"versions":["1.19.0"]},{"ecosystem":"npm","name":"mgc","href":"/ti/packages/npm/mgc","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.2.1","1.2.2","1.2.3","1.2.4"]},{"ecosystem":"pypi","name":"hermes-px","href":"/ti/packages/pypi/hermes-px","threat_types":["credential_stealer","data_exfiltration"],"versions":["0.1.0"]},{"ecosystem":"npm","name":"@velora-dex/sdk","href":"/ti/packages/npm/@velora-dex/sdk","threat_types":["rat","persistence","crypto_drainer"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"forge-jsx","href":"/ti/packages/npm/forge-jsx","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6"]},{"ecosystem":"npm","name":"@johntaohunter/forge-jsx","href":"/ti/packages/npm/@johntaohunter/forge-jsx","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.4"]},{"ecosystem":"npm","name":"js-logger-pack","href":"/ti/packages/npm/js-logger-pack","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","persistence","c2_agent"],"versions":["0.0.1","1.0.0","1.1.0","1.1.2","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.1.10","1.1.14","1.1.17","1.1.18","1.1.19","1.1.20","1.1.21","1.1.22","1.1.23","1.1.24","1.1.25","1.1.26"]},{"ecosystem":"npm","name":"npm-global-util","href":"/ti/packages/npm/npm-global-util","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"martinez-polygon-clipping-tony","href":"/ti/packages/npm/martinez-polygon-clipping-tony","threat_types":["rat","persistence"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"noon-contracts","href":"/ti/packages/npm/noon-contracts","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","crypto_drainer"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"art-template","href":"/ti/packages/npm/art-template","threat_types":["other"],"versions":["4.13.3"]}],"indicators":[{"kind":"email","value":"josh.weavery@gmail.com","href":"/ti/ioc/email/josh.weavery@gmail.com","context":"Email indicator from blog post"},{"kind":"ipv4","value":"13.60.183.44","href":"/ti/ioc/ipv4/13.60.183.44","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"13.60.0.0","href":"/ti/ioc/ipv4/13.60.0.0","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"13.63.255.255","href":"/ti/ioc/ipv4/13.63.255.255","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"8.152.163.60","href":"/ti/ioc/ipv4/8.152.163.60","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"206.214.129.67","href":"/ti/ioc/ipv4/206.214.129.67","context":"IP address indicator from blog post"},{"kind":"sha256","value":"863d274bbeb22ab969f742a06d89bdf0ababb99fdeb074a0fd9057f28b1ef257","href":"/ti/ioc/sha256/863d274bbeb22ab969f742a06d89bdf0ababb99fdeb074a0fd9057f28b1ef257","context":"SHA-256 hash from blog post"},{"kind":"sha1","value":"9066ceeb391d9c7ba6aba650109c2fa3f8e088eb","href":"/ti/ioc/sha1/9066ceeb391d9c7ba6aba650109c2fa3f8e088eb","context":"SHA-1/commit-like hash from blog post"},{"kind":"email","value":"graphite7199@gmail.com","href":"/ti/ioc/email/graphite7199@gmail.com","context":"Email indicator from blog post"},{"kind":"email","value":"graphitediscord199@gmail.com","href":"/ti/ioc/email/graphitediscord199@gmail.com","context":"Email indicator from blog post"},{"kind":"domain","value":"discord.com","href":"/ti/ioc/domain/discord.com","context":"Network indicator from blog post"},{"kind":"sha256","value":"3733f0add545e5537a7d3171a132df51e0b4105aebe85db35dbe868a056d3d24","href":"/ti/ioc/sha256/3733f0add545e5537a7d3171a132df51e0b4105aebe85db35dbe868a056d3d24","context":"SHA-256 hash from blog post"},{"kind":"domain","value":"malicanbur.pro","href":"/ti/ioc/domain/malicanbur.pro","context":"Network indicator from blog post"},{"kind":"ipv4","value":"31.220.48.155","href":"/ti/ioc/ipv4/31.220.48.155","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"173.211.46.22","href":"/ti/ioc/ipv4/173.211.46.22","context":"IP address indicator from blog post"},{"kind":"sha256","value":"0be2375362227f846c56c4de2db4d3113e197f0c605c297a7e0e0c154e94464e","href":"/ti/ioc/sha256/0be2375362227f846c56c4de2db4d3113e197f0c605c297a7e0e0c154e94464e","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"5196c3a832897e30c26da768379750bd3c886890e74d0f28a8921bbd19b553fc","href":"/ti/ioc/sha256/5196c3a832897e30c26da768379750bd3c886890e74d0f28a8921bbd19b553fc","context":"SHA-256 hash from blog post"},{"kind":"email","value":"jaimeandujo086@gmail.com","href":"/ti/ioc/email/jaimeandujo086@gmail.com","context":"Email indicator from blog post"},{"kind":"domain","value":"sfrclak.com","href":"/ti/ioc/domain/sfrclak.com","context":"Network indicator from blog post"},{"kind":"ipv4","value":"142.11.206.73","href":"/ti/ioc/ipv4/142.11.206.73","context":"IP address indicator from blog post"},{"kind":"sha256","value":"5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd","href":"/ti/ioc/sha256/5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f","href":"/ti/ioc/sha256/59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf","href":"/ti/ioc/sha256/fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09","href":"/ti/ioc/sha256/e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09","context":"SHA-256 hash from blog post"},{"kind":"email","value":"npm-oidc-no-reply@github.com","href":"/ti/ioc/email/npm-oidc-no-reply@github.com","context":"Email indicator from blog post"},{"kind":"email","value":"ifstap@proton.me","href":"/ti/ioc/email/ifstap@proton.me","context":"Email indicator from blog post"},{"kind":"email","value":"jasonsaayman@gmail.com","href":"/ti/ioc/email/jasonsaayman@gmail.com","context":"Email indicator from blog post"},{"kind":"email","value":"nrwise@proton.me","href":"/ti/ioc/email/nrwise@proton.me","context":"Email indicator from blog post"},{"kind":"domain","value":"jsonkeeper.com","href":"/ti/ioc/domain/jsonkeeper.com","context":"Network indicator from blog post"},{"kind":"domain","value":"216.126.237.71","href":"/ti/ioc/domain/216.126.237.71","context":"Network indicator from blog post"},{"kind":"ipv4","value":"216.126.237.71","href":"/ti/ioc/ipv4/216.126.237.71","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"216.126.229.166","href":"/ti/ioc/ipv4/216.126.229.166","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"216.126.227.239","href":"/ti/ioc/ipv4/216.126.227.239","context":"IP address indicator from blog post"},{"kind":"sha256","value":"b5cca27ca1d792bd8c46b83fccfa4e5ba38916eb78877a19cbb39392ce98cc39","href":"/ti/ioc/sha256/b5cca27ca1d792bd8c46b83fccfa4e5ba38916eb78877a19cbb39392ce98cc39","context":"SHA-256 hash from blog post"},{"kind":"md5","value":"a36adbc35e69b22acbf9f834a0deb286","href":"/ti/ioc/md5/a36adbc35e69b22acbf9f834a0deb286","context":"MD5 hash from blog post"},{"kind":"email","value":"tj@vision-media.ca","href":"/ti/ioc/email/tj@vision-media.ca","context":"Email indicator from blog post"},{"kind":"domain","value":"admondtamang.com.np","href":"/ti/ioc/domain/admondtamang.com.np","context":"Network indicator from blog post"},{"kind":"domain","value":"gist.github.com","href":"/ti/ioc/domain/gist.github.com","context":"Network indicator from blog post"},{"kind":"domain","value":"gist.githubusercontent.com","href":"/ti/ioc/domain/gist.githubusercontent.com","context":"Network indicator from blog post"},{"kind":"sha256","value":"40aa5d412a50db79a814ac5ad65237745727cb4777843d66a760f64285a5a3e6","href":"/ti/ioc/sha256/40aa5d412a50db79a814ac5ad65237745727cb4777843d66a760f64285a5a3e6","context":"SHA-256 hash from blog post"},{"kind":"sha1","value":"1c5d51c2002f452a4dd58a1a73a9dd90a7fe0297","href":"/ti/ioc/sha1/1c5d51c2002f452a4dd58a1a73a9dd90a7fe0297","context":"SHA-1/commit-like hash from blog post"},{"kind":"md5","value":"814132e794e5d007e9b8ebd223a9494f","href":"/ti/ioc/md5/814132e794e5d007e9b8ebd223a9494f","context":"MD5 hash from blog post"},{"kind":"md5","value":"0c0fc7a0c23cdb5e1c8f66b208053ed6","href":"/ti/ioc/md5/0c0fc7a0c23cdb5e1c8f66b208053ed6","context":"MD5 hash from blog post"},{"kind":"email","value":"admondtamang@gmail.com","href":"/ti/ioc/email/admondtamang@gmail.com","context":"Email indicator from blog post"},{"kind":"domain","value":"prod.universitecentrale.net","href":"/ti/ioc/domain/prod.universitecentrale.net","context":"Network indicator from blog post"},{"kind":"domain","value":"urlvoelpilswwxkiosey.supabase.co","href":"/ti/ioc/domain/urlvoelpilswwxkiosey.supabase.co","context":"Network indicator from blog post"},{"kind":"domain","value":"chat.universitecentrale.net","href":"/ti/ioc/domain/chat.universitecentrale.net","context":"Network indicator from blog post"},{"kind":"ipv4","value":"146.0.0.0","href":"/ti/ioc/ipv4/146.0.0.0","context":"IP address indicator from blog post"},{"kind":"sha1","value":"333e5b7c412736685b3c296a58663a7763744949","href":"/ti/ioc/sha1/333e5b7c412736685b3c296a58663a7763744949","context":"SHA-1/commit-like hash from blog post"},{"kind":"sha1","value":"4c385d4376314b24793b6b4e3526783f72383667","href":"/ti/ioc/sha1/4c385d4376314b24793b6b4e3526783f72383667","context":"SHA-1/commit-like hash from blog post"},{"kind":"sha1","value":"2a6e3839766d215e40785f6b277dc2a34d4e2f71","href":"/ti/ioc/sha1/2a6e3839766d215e40785f6b277dc2a34d4e2f71","context":"SHA-1/commit-like hash from blog post"},{"kind":"sha1","value":"442158353951337678587c236567276e767a3d39","href":"/ti/ioc/sha1/442158353951337678587c236567276e767a3d39","context":"SHA-1/commit-like hash from blog post"},{"kind":"sha1","value":"3f3922326c646a2d2f78703073224a3e4a366761","href":"/ti/ioc/sha1/3f3922326c646a2d2f78703073224a3e4a366761","context":"SHA-1/commit-like hash from blog post"},{"kind":"sha1","value":"3c335f732e6f5c3b48665745325c572b25724a60","href":"/ti/ioc/sha1/3c335f732e6f5c3b48665745325c572b25724a60","context":"SHA-1/commit-like hash from blog post"},{"kind":"sha1","value":"2968623b3a4c275d544149674522663559617b74","href":"/ti/ioc/sha1/2968623b3a4c275d544149674522663559617b74","context":"SHA-1/commit-like hash from blog post"},{"kind":"domain","value":"89.36.224.5","href":"/ti/ioc/domain/89.36.224.5","context":"Network indicator from blog post"},{"kind":"domain","value":"datahub.ink","href":"/ti/ioc/domain/datahub.ink","context":"Network indicator from blog post"},{"kind":"domain","value":"cloud-sync.online","href":"/ti/ioc/domain/cloud-sync.online","context":"Network indicator from blog post"},{"kind":"domain","value":"byte-io.us","href":"/ti/ioc/domain/byte-io.us","context":"Network indicator from blog post"},{"kind":"domain","value":"api.ipify.org","href":"/ti/ioc/domain/api.ipify.org","context":"Network indicator from blog post"},{"kind":"domain","value":"ipinfo.io","href":"/ti/ioc/domain/ipinfo.io","context":"Network indicator from blog post"},{"kind":"ipv4","value":"89.36.224.5","href":"/ti/ioc/ipv4/89.36.224.5","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"208.115.220.17","href":"/ti/ioc/ipv4/208.115.220.17","context":"IP address indicator from blog post"},{"kind":"sha256","value":"0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270","href":"/ti/ioc/sha256/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"0b028b781950641818800fee2b4bf68e4ef2bcee53fe71a21755275ba108783d","href":"/ti/ioc/sha256/0b028b781950641818800fee2b4bf68e4ef2bcee53fe71a21755275ba108783d","context":"SHA-256 hash from blog post"},{"kind":"sha1","value":"dfd224461edb06c556ee0d5677bd78ddda80b910","href":"/ti/ioc/sha1/dfd224461edb06c556ee0d5677bd78ddda80b910","context":"SHA-1/commit-like hash from blog post"},{"kind":"domain","value":"204.10.194.247","href":"/ti/ioc/domain/204.10.194.247","context":"Network indicator from blog post"},{"kind":"ipv4","value":"204.10.194.247","href":"/ti/ioc/ipv4/204.10.194.247","context":"IP address indicator from blog post"},{"kind":"sha256","value":"4cb96c3b033c1aaf7b3d0fe54749058f14d4d914947a6d6d430aca108a7daa5a","href":"/ti/ioc/sha256/4cb96c3b033c1aaf7b3d0fe54749058f14d4d914947a6d6d430aca108a7daa5a","context":"SHA-256 hash from blog post"},{"kind":"email","value":"john@taohunter.ai","href":"/ti/ioc/email/john@taohunter.ai","context":"Email indicator from blog post"},{"kind":"email","value":"johnceballos0716@gmail.com","href":"/ti/ioc/email/johnceballos0716@gmail.com","context":"Email indicator from blog post"},{"kind":"domain","value":"api-sub.jrodacooker.dev","href":"/ti/ioc/domain/api-sub.jrodacooker.dev","context":"Network indicator from blog post"},{"kind":"domain","value":"huggingface.co","href":"/ti/ioc/domain/huggingface.co","context":"Network indicator from blog post"},{"kind":"ipv4","value":"195.201.194.107","href":"/ti/ioc/ipv4/195.201.194.107","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"4.0.0.0","href":"/ti/ioc/ipv4/4.0.0.0","context":"IP address indicator from blog post"},{"kind":"sha256","value":"a49eee6b6db9da14db46587b68bf1d8a80976812f629bf3e100ac6ba83cf8490","href":"/ti/ioc/sha256/a49eee6b6db9da14db46587b68bf1d8a80976812f629bf3e100ac6ba83cf8490","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"6ce3b22b07fd5aef1dd77237334d80718601e4e02a706485572d3dda8993a4e3","href":"/ti/ioc/sha256/6ce3b22b07fd5aef1dd77237334d80718601e4e02a706485572d3dda8993a4e3","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"571533a643e67c38087f4da8cce0d3dc14670a52403717e4943433d392860a7f","href":"/ti/ioc/sha256/571533a643e67c38087f4da8cce0d3dc14670a52403717e4943433d392860a7f","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"585c5ab1fea06bed4956e34ffd6d6b576122addd34d252b163ae0801098e9eaf","href":"/ti/ioc/sha256/585c5ab1fea06bed4956e34ffd6d6b576122addd34d252b163ae0801098e9eaf","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"9f0a7174f9537bdbf63fe2329cea9a14198076180390af9f43a0e5b5c7c46912","href":"/ti/ioc/sha256/9f0a7174f9537bdbf63fe2329cea9a14198076180390af9f43a0e5b5c7c46912","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"e35801137cd09fa02aa996145d18ec68d67d71db9810f2608a6285ee1c08b054","href":"/ti/ioc/sha256/e35801137cd09fa02aa996145d18ec68d67d71db9810f2608a6285ee1c08b054","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"df45bbac7695f0edad3edde36904f2722f2af761887744a2f1d65df705d28dc6","href":"/ti/ioc/sha256/df45bbac7695f0edad3edde36904f2722f2af761887744a2f1d65df705d28dc6","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"43c93c609d48b6cb4f1275c285b5e6960ef74e7f5811b442e3c1038d49128d73","href":"/ti/ioc/sha256/43c93c609d48b6cb4f1275c285b5e6960ef74e7f5811b442e3c1038d49128d73","context":"SHA-256 hash from blog post"},{"kind":"domain","value":"webhook.site","href":"/ti/ioc/domain/webhook.site","context":"Network indicator from blog post"},{"kind":"domain","value":"franki.requestcatcher.com","href":"/ti/ioc/domain/franki.requestcatcher.com","context":"Network indicator from blog post"},{"kind":"ipv4","value":"169.254.169.254","href":"/ti/ioc/ipv4/169.254.169.254","context":"IP address indicator from blog post"},{"kind":"email","value":"npmtpoc@gmail.com","href":"/ti/ioc/email/npmtpoc@gmail.com","context":"Email indicator from blog post"},{"kind":"domain","value":"172.86.73.132","href":"/ti/ioc/domain/172.86.73.132","context":"Network indicator from blog post"},{"kind":"ipv4","value":"172.86.73.132","href":"/ti/ioc/ipv4/172.86.73.132","context":"IP address indicator from blog post"},{"kind":"sha256","value":"86d17961e9662c53e1fb61701388b7c741bf79c093061df968a3e53c829dcb16","href":"/ti/ioc/sha256/86d17961e9662c53e1fb61701388b7c741bf79c093061df968a3e53c829dcb16","context":"SHA-256 hash from blog post"},{"kind":"email","value":"info@w8r.name","href":"/ti/ioc/email/info@w8r.name","context":"Email indicator from blog post"},{"kind":"email","value":"daltonchristiano060@gmail.com","href":"/ti/ioc/email/daltonchristiano060@gmail.com","context":"Email indicator from blog post"},{"kind":"domain","value":"82.221.101.203","href":"/ti/ioc/domain/82.221.101.203","context":"Network indicator from blog post"},{"kind":"ipv4","value":"82.221.101.203","href":"/ti/ioc/ipv4/82.221.101.203","context":"IP address indicator from blog post"},{"kind":"sha256","value":"263df2348f54f1f4980542a41f69d77b085fb28091a95979ba7f0e9f3d0da861","href":"/ti/ioc/sha256/263df2348f54f1f4980542a41f69d77b085fb28091a95979ba7f0e9f3d0da861","context":"SHA-256 hash from blog post"},{"kind":"email","value":"noondeved94ed@wshu.net","href":"/ti/ioc/email/noondeved94ed@wshu.net","context":"Email indicator from blog post"},{"kind":"domain","value":"utaq.cfww.shop","href":"/ti/ioc/domain/utaq.cfww.shop","context":"Network indicator from blog post"},{"kind":"domain","value":"git.youzzjizz.com","href":"/ti/ioc/domain/git.youzzjizz.com","context":"Network indicator from blog post"},{"kind":"ipv4","value":"180.178.50.158","href":"/ti/ioc/ipv4/180.178.50.158","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"172.67.141.14","href":"/ti/ioc/ipv4/172.67.141.14","context":"IP address indicator from blog post"},{"kind":"ipv4","value":"104.21.40.254","href":"/ti/ioc/ipv4/104.21.40.254","context":"IP address indicator from blog post"},{"kind":"sha256","value":"273206e2973df6ba7474aa66693797c98dcf26b794da4c3e863ab8d8c694868d","href":"/ti/ioc/sha256/273206e2973df6ba7474aa66693797c98dcf26b794da4c3e863ab8d8c694868d","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"5b5fe5d92808a732d0d44246cd706295cc739ed7f4dcae19112df666bc5d4f7d","href":"/ti/ioc/sha256/5b5fe5d92808a732d0d44246cd706295cc739ed7f4dcae19112df666bc5d4f7d","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"101afde88ff8b5c02fd341eda55022a39203088c2ff11dcb73214911cf5afb77","href":"/ti/ioc/sha256/101afde88ff8b5c02fd341eda55022a39203088c2ff11dcb73214911cf5afb77","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"d8e3973a0b3c5359d1f53a22491b56bdd31dee13a51c01c7126bc6694584512f","href":"/ti/ioc/sha256/d8e3973a0b3c5359d1f53a22491b56bdd31dee13a51c01c7126bc6694584512f","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"f31bdd069fe7966ae11be1f78ee5dd44445938856dd1df12379e0e84a6851f5c","href":"/ti/ioc/sha256/f31bdd069fe7966ae11be1f78ee5dd44445938856dd1df12379e0e84a6851f5c","context":"SHA-256 hash from blog post"},{"kind":"sha1","value":"57620206d62079baad0e57e6d9ec93120c0f5247","href":"/ti/ioc/sha1/57620206d62079baad0e57e6d9ec93120c0f5247","context":"SHA-1/commit-like hash from blog post"},{"kind":"sha1","value":"14669ca3b1519ba2a8f40be287f646d4d7593eb0","href":"/ti/ioc/sha1/14669ca3b1519ba2a8f40be287f646d4d7593eb0","context":"SHA-1/commit-like hash from blog post"}],"ttps":[{"name":"Supply Chain Compromise: Compromise Software Dependencies and Development Tools","mitre_attack_id":"T1195.001","href":"/ti/ttps/T1195.001"},{"name":"Command and Scripting Interpreter: JavaScript","mitre_attack_id":"T1059.007","href":"/ti/ttps/T1059.007"},{"name":"Ingress Tool Transfer","mitre_attack_id":"T1105","href":"/ti/ttps/T1105"},{"name":"Masquerading: package impersonation and typosquatting","mitre_attack_id":"T1036","href":"/ti/ttps/T1036"},{"name":"Steal Web Session Cookie","mitre_attack_id":"T1539","href":"/ti/ttps/T1539"},{"name":"Web Service","mitre_attack_id":"T1102","href":"/ti/ttps/T1102"},{"name":"Unsecured Credentials: Credentials In Files","mitre_attack_id":"T1552.001","href":"/ti/ttps/T1552.001"},{"name":"Exfiltration Over C2 Channel","mitre_attack_id":"T1041","href":"/ti/ttps/T1041"},{"name":"Steal Application Access Token","mitre_attack_id":"T1528","href":"/ti/ttps/T1528"},{"name":"Application Layer Protocol: Web Protocols","mitre_attack_id":"T1071.001","href":"/ti/ttps/T1071.001"},{"name":"Event Triggered Execution","mitre_attack_id":"T1546","href":"/ti/ttps/T1546"},{"name":"Unsecured Credentials: Private Keys","mitre_attack_id":"T1552.004","href":"/ti/ttps/T1552.004"},{"name":"Command and Scripting Interpreter: Python","mitre_attack_id":"T1059.006","href":"/ti/ttps/T1059.006"},{"name":"Obfuscated Files or Information","mitre_attack_id":"T1027","href":"/ti/ttps/T1027"},{"name":"Exploitation for Client Execution","mitre_attack_id":"T1203","href":"/ti/ttps/T1203"}],"related_campaigns":[],"reports":[{"title":"Malicious Open Source Library Analysis: llm-oracle and its Payload","url":"https://safedep.io/malicious-oss-package-analysis-llm-oracle","published_at":"2024-11-04"},{"title":"npm - The Playground for Malicious Packages","url":"https://safedep.io/multiple-npm-malicious-package-impersonating-popular-names","published_at":"2024-12-11"},{"title":"Typosquatt alert ! Malicious npm Package: nyc-config","url":"https://safedep.io/nyc-config-malicious-package","published_at":"2025-03-13"},{"title":"Malicious npm Package Impersonating Java SLF4J","url":"https://safedep.io/malicious-npm-package-impersonating-slf4j","published_at":"2025-04-21"},{"title":"Malicious npm Package Impersonating Popular Express Cookie Parser","url":"https://safedep.io/malicious-npm-package-express-cookie-parser","published_at":"2025-04-23"},{"title":"TensorFlow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers","url":"https://safedep.io/malicious-npm-package-targeting-tensorflow-users","published_at":"2025-08-12"},{"title":"Malicious npm Package pino-sdk-v2 Exfiltrates Secrets to Discord","url":"https://safedep.io/malicious-npm-package-pino-sdk-v2-env-exfiltration","published_at":"2026-03-06"},{"title":"Malicious npm Package react-refresh-update Drops Cross-Platform Trojan on Developer Machines","url":"https://safedep.io/malicious-npm-react-refresh-update","published_at":"2026-03-16"},{"title":"axios Compromised: npm Supply Chain Attack via Dependency Injection","url":"https://safedep.io/axios-npm-supply-chain-compromise","published_at":"2026-03-31"},{"title":"Malicious npm Package express-session-js Drops Full RAT Payload","url":"https://safedep.io/malicious-npm-package-express-session-js","published_at":"2026-04-02"},{"title":"Compromised npm Package mgc Deploys Multi-Platform RAT","url":"https://safedep.io/malicious-npm-mgc-compromised-rat","published_at":"2026-04-03"},{"title":"Malicious hermes-px on PyPI Steals AI Conversations","url":"https://safedep.io/malicious-hermes-px-pypi-ai-conversation-stealer","published_at":"2026-04-06"},{"title":"Malicious @velora-dex/sdk Delivers Go RAT via npm","url":"https://safedep.io/malicious-velora-dex-sdk-npm-compromised-rat","published_at":"2026-04-08"},{"title":"forge-jsx npm Package: Purpose-Built Multi-Platform RAT","url":"https://safedep.io/malicious-forge-jsx-npm-rat","published_at":"2026-04-15"},{"title":"Malicious npm Package js-logger-pack Ships a Multi-Platform WebSocket Stealer","url":"https://safedep.io/malicious-js-logger-pack-npm-stealer","published_at":"2026-04-15"},{"title":"npm-global-util: Credential Theft and Supply Chain Attack","url":"https://safedep.io/npm-global-util-malicious-package-analysis","published_at":"2026-04-29"},{"title":"martinez-polygon-clipping-tony: Trojanized npm Fork Drops Telegram RAT","url":"https://safedep.io/malicious-martinez-polygon-clipping-tony-npm-telegram-rat","published_at":"2026-05-07"},{"title":"noon-contracts npm Package: DeFi Supply Chain RAT","url":"https://safedep.io/malicious-noon-contracts-npm-defi-rat","published_at":"2026-05-10"},{"title":"art-template npm Hijack Delivers iOS Browser Exploit Kit","url":"https://safedep.io/art-template-npm-supply-chain-compromise","published_at":"2026-05-20"}]}