@quick-start-soft/quick-markdown-image
@quick-start-soft/quick-markdown-image is identified in the SafeDep analysis "Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.
discovered 2025-11-24
Threat types
- credential_stealer
- data_exfiltration
- worm
- persistence
Malicious versions
- 1.4.2511142126
Campaigns
Indicators
Techniques
- T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- T1552.001 Unsecured Credentials: Credentials In Files (uses)
- T1041 Exfiltration Over C2 Channel (uses)
- T1528 Steal Application Access Token (uses)
- T1105 Ingress Tool Transfer (uses)
- T1071.001 Application Layer Protocol: Web Protocols (uses)
- T1102 Web Service (uses)
- T1546 Event Triggered Execution (uses)
- T1021 Remote Services (uses)
- T1098 Account Manipulation (uses)
- T1027 Obfuscated Files or Information (uses)
