T1105

Ingress Tool Transfer

Package code retrieves additional payloads, tools, or stage-two malware after execution.

discovered 2024-11-04

View on MITRE ATT&CK ↗

Seen in packages

npmllm-oracleuses
npmredis-oracleuses
npmchrome-api-utilsuses
npmgrafana-sentry-datasourceuses
npm@patternfly-v5/patternflyuses
npmelectron-builder-13uses
npmgraphql.vscode-graphql-syntaxuses
npmmattermost-cloudnative-bootstrapperuses
npmnyc-configuses
npmeslint-config-prettieruses
npmeslint-plugin-prettieruses
npmsnyckituses
npm@pkgr/coreuses
npmnapi-postinstalluses
pypibitensoruses
pypibittenso-cliuses
pypiqbittensoruses
pypibittensouses
npmansi-stylesuses
npmdebuguses
npmchalkuses
npmsupports-coloruses
npmstrip-ansiuses
npmansi-regexuses
npmwrap-ansiuses
npmcolor-convertuses
npmcolor-nameuses
npmis-arrayishuses
npmslice-ansiuses
npmerror-exuses
npmcolor-stringuses
npmsimple-swizzleuses
npmsupports-hyperlinksuses
npmhas-ansiuses
npmchalk-templateuses
npmbackslashuses
npm@ctrl/tinycoloruses
npmhyatt-residential-rosteruses
npmhyatt-albumuses
npmhyatt-avataruses
npm@zapier/zapier-sdkuses
npm@asyncapi/specsuses
npm@quick-start-soft/quick-markdown-printuses
npm@quick-start-soft/quick-markdownuses
npm@quick-start-soft/quick-remove-image-backgrounduses
npm@quick-start-soft/quick-git-clean-markdownuses
npm@quick-start-soft/quick-document-translatoruses
npm@quick-start-soft/quick-markdown-imageuses
npm@quick-start-soft/quick-task-refineuses
npm@asyncapi/modelinauses
npmposthog-react-nativeuses
npmposthog-nodeuses
npm@postman/secret-scanner-wasmuses
npm@postman/csv-parseuses
npm@postman/node-keytaruses
npm@postman/tunnel-agentuses
npm@postman/wdio-allure-reporteruses
npm@postman/postman-mcp-cliuses
npm@postman/mcp-ui-clientuses
npm@postman/wdio-junit-reporteruses
npm@postman/pm-bin-macos-arm64uses
npm@postman/pm-bin-linux-x64uses
npm@postman/aether-iconsuses
npm@Schedaero/shareduses
npmreact-refresh-updateuses
pypilitellmuses
npmoc-aa-module-clientuses
npm@wame/ngx-adfsuses
npm@the-coca-cola-company/ngps-global-common-utilsuses
npmcr-static-shared-componentsuses
npm@ceeferenderer/fe-renderer-sdkuses
pypitelnyxuses
npmaxiosuses
npmexpress-session-jsuses
npmmgcuses
npmstrapi-plugin-cronuses
npmstrapi-plugin-configuses
npmstrapi-plugin-serveruses
npmstrapi-plugin-databaseuses
npmstrapi-plugin-coreuses
npmstrapi-plugin-hooksuses
npmstrapi-plugin-monitoruses
npmstrapi-plugin-eventsuses
npmstrapi-plugin-loggeruses
npmstrapi-plugin-healthuses
npmstrapi-plugin-syncuses
npmstrapi-plugin-seeduses
npmstrapi-plugin-localeuses
npmstrapi-plugin-formuses
npmstrapi-plugin-notifyuses
npmstrapi-plugin-apiuses
npmstrapi-plugin-sitemap-genuses
npmstrapi-plugin-nordica-toolsuses
npmstrapi-plugin-nordica-syncuses
npmstrapi-plugin-nordica-cmsuses
npmstrapi-plugin-nordica-apiuses
npmstrapi-plugin-nordica-reconuses
npmstrapi-plugin-nordica-stageuses
npmstrapi-plugin-nordica-vhostuses
npmstrapi-plugin-nordica-deepuses
npmstrapi-plugin-nordica-liteuses
npmstrapi-plugin-nordicauses
npmstrapi-plugin-finsevenuses
npmstrapi-plugin-hextestuses
npmstrapi-plugin-cms-toolsuses
npmstrapi-plugin-content-syncuses
npmstrapi-plugin-debug-toolsuses
npmstrapi-plugin-health-checkuses
npmstrapi-plugin-guardarian-extuses
npmstrapi-plugin-advanced-uuiduses
npmstrapi-plugin-blurhashuses
npm@velora-dex/sdkuses
npmsjs-bigintegeruses
npmsjs-lint-build1uses
npmbjs-bigintegeruses
npmbjs-lint-builderuses
npmbjs-lint-buildersuses
npmcjs-bigintegeruses
npmts-lint-buildsuses
npm@genoma-ui/componentsuses
npmrrweb-v1uses
npm@needl-ai/commonuses
npmdom-utils-liteuses
npmcentraloggeruses
npmforge-jsxuses
npm@johntaohunter/forge-jsxuses
npmjs-logger-packuses
npmixpresso-coreuses
npmgodsplanuses
npmeyevoxuses
npm@bitwarden/cliuses
npm@cap-js/sqliteuses
npm@cap-js/postgresuses
npm@cap-js/db-serviceuses
npmmbtuses
npmnpm-global-utiluses
pypipytorch-lightninguses
npmexioussuses
npmcommon-tg-serviceuses
npmams-sskuses
npmnode-env-resolveuses
npmmartinez-polygon-clipping-tonyuses
npmnoon-contractsuses
npmiceberg-javascriptuses
npmsupabase-javascriptuses
npmauth-javascriptuses
npmmicrosoft-applicationinsights-commonuses
npmms-graph-typesuses
npmnode-ipcuses
npmai-figureuses
npmamapcnuses
npm@antv/a8uses
npm@antv/adjustuses
npm@antv/algorithmuses
npm@antv/async-hookuses
npm@antv/attruses
npm@antv/avauses
npm@antv/ava-reactuses
npm@antv/awardsuses
npm@antv/calendar-heatmapuses
npm@antv/chart-linteruses
npm@antv/chart-node-g6uses
npm@antv/chart-visualization-skillsuses
npm@antv/ckbuses
npm@antv/color-schemauses
npm@antv/color-utiluses
npm@antv/componentuses
npm@antv/coorduses
npm@antv/d3-coloruses
npm@antv/d3-interpolateuses
npm@antv/data-samplesuses
npm@antv/data-setuses
npm@antv/data-wizarduses
npm@antv/dipper-componentuses
npm@antv/dipper-hooksuses
npm@antv/dipper-mapuses
npm@antv/dom-utiluses
npm@antv/dumi-theme-antvuses
npm@antv/dw-analyzeruses
npm@antv/dw-randomuses
npm@antv/dw-transformuses
npm@antv/dw-utiluses
npm@antv/event-emitteruses
npm@antv/expruses
npm@antv/f2uses
npm@antv/f2-algorithmuses
npm@antv/f2-canvasuses
npm@antv/f2-contextuses
npm@antv/f2-graphicuses
npm@antv/f2-myuses
npm@antv/f2-reactuses
npm@antv/f2-siteuses
npm@antv/f2-vueuses
npm@antv/f2-wordclouduses
npm@antv/f2-wxuses
npm@antv/f6uses
npm@antv/f6-alipayuses
npm@antv/f6-coreuses
npm@antv/f6-elementuses
npm@antv/f6-hammerjsuses
npm@antv/f6-pluginuses
npm@antv/f6-uiuses
npm@antv/f6-wxuses
npm@antv/f-chartsuses
npm@antv/f-engineuses
npm@antv/f-lottieuses
npm@antv/f-myuses
npm@antv/f-reactuses
npm@antv/f-test-utilsuses
npm@antv/f-vueuses
npm@antv/f-wxuses
npm@antv/g2uses
npm@antv/g2-brushuses
npm@antv/g2-extension-3duses
npm@antv/g2-extension-avauses
npm@antv/g2-extension-plotuses
npm@antv/g2plotuses
npm@antv/g2plot-schemasuses
npm@antv/g2-plugin-slideruses
npm@antv/g2-ssruses
npm@antv/guses
npm@antv/g6uses
npm@antv/g6-alipayuses
npm@antv/g6-cliuses
npm@antv/g6-coreuses
npm@antv/g6-editoruses
npm@antv/g6-elementuses
npm@antv/g6-extension-3duses
npm@antv/g6-extension-reactuses
npm@antv/g6-mobileuses
npm@antv/g6-pcuses
npm@antv/g6-pluginuses
npm@antv/g6-plugin-map-viewuses
npm@antv/g6-pluginsuses
npm@antv/g6-react-nodeuses
npm@antv/g6-ssruses
npm@antv/g6-wxuses
npm@antv/gatsby-themeuses
npm@antv/g-baseuses
npm@antv/g-camera-apiuses
npm@antv/g-canvasuses
npm@antv/g-canvaskituses
npm@antv/g-compatuses
npm@antv/g-componentsuses
npm@antv/g-css-layout-apiuses
npm@antv/g-css-typed-om-apiuses
npm@antv/g-device-apiuses
npm@antv/g-dom-mutation-observer-apiuses
npm@antv/geo-coorduses
npm@antv/g-gestureuses
npm@antv/gi-assets-advanceuses
npm@antv/gi-assets-algorithmuses
npm@antv/gi-assets-basicuses
npm@antv/gi-assets-galaxybaseuses
npm@antv/gi-assets-graphscopeuses
npm@antv/gi-assets-hugegraphuses
npm@antv/gi-assets-janusgraphuses
npm@antv/gi-assets-neo4juses
npm@antv/gi-assets-sceneuses
npm@antv/gi-assets-tugraphuses
npm@antv/gi-assets-tugraph-analyticsuses
npm@antv/gi-assets-xlabuses
npm@antv/gi-cliuses
npm@antv/gi-common-componentsuses
npm@antv/g-image-exporteruses
npm@antv/gi-mock-datauses
npm@antv/gi-public-datauses
npm@antv/gi-sdkuses
npm@antv/gi-sdk-appuses
npm@antv/gi-theme-antduses
npm@antv/github-config-cliuses
npm@antv/g-layout-blocklikeuses
npm@antv/g-liteuses
npm@antv/gl-matrixuses
npm@antv/g-lottie-playeruses
npm@antv/g-mathuses
npm@antv/g-mobileuses
npm@antv/g-mobile-canvasuses
npm@antv/g-mobile-canvas-elementuses
npm@antv/g-mobile-svguses
npm@antv/g-mobile-webgluses
npm@antv/g-patternuses
npm@antv/g-perfuses
npm@antv/g-plugin-3duses
npm@antv/g-plugin-a11yuses
npm@antv/g-plugin-annotationuses
npm@antv/g-plugin-box2duses
npm@antv/g-plugin-canvaskit-rendereruses
npm@antv/g-plugin-canvas-path-generatoruses
npm@antv/g-plugin-canvas-pickeruses
npm@antv/g-plugin-canvas-rendereruses
npm@antv/g-plugin-controluses
npm@antv/g-plugin-css-selectuses
npm@antv/g-plugin-device-rendereruses
npm@antv/g-plugin-dom-interactionuses
npm@antv/g-plugin-dragndropuses
npm@antv/g-plugin-gestureuses
npm@antv/g-plugin-gpgpuuses
npm@antv/g-plugin-html-rendereruses
npm@antv/g-plugin-image-loaderuses
npm@antv/g-plugin-matterjsuses
npm@antv/g-plugin-mobile-interactionuses
npm@antv/g-plugin-physxuses
npm@antv/g-plugin-rough-canvas-rendereruses
npm@antv/g-plugin-rough-svg-rendereruses
npm@antv/g-plugin-svg-pickeruses
npm@antv/g-plugin-svg-rendereruses
npm@antv/g-plugin-webgl-deviceuses
npm@antv/g-plugin-webgl-rendereruses
npm@antv/g-plugin-webgpu-deviceuses
npm@antv/g-plugin-yogauses
npm@antv/g-plugin-zdog-canvas-rendereruses
npm@antv/g-plugin-zdog-svg-rendereruses
npm@antv/gpt-visuses
npm@antv/gpt-vis-ssruses
npm@antv/graphinuses
npm@antv/graphin-componentsuses
npm@antv/graphin-graphscopeuses
npm@antv/graphin-iconsuses
npm@antv/graphlibuses
npm@antv/g-shader-componentsuses
npm@antv/g-svguses
npm@antv/g-web-animations-apiuses
npm@antv/g-web-componentsuses
npm@antv/g-webgluses
npm@antv/g-webgl-computeuses
npm@antv/g-webgpuuses
npm@antv/g-webgpu-compileruses
npm@antv/g-webgpu-coreuses
npm@antv/g-webgpu-engineuses
npm@antv/g-webgpu-raytraceruses
npm@antv/g-webgpu-unitchartuses
npm@antv/hierarchyuses
npm@antv/infographicuses
npm@antv/insight-componentuses
npm@antv/interactionuses
npm@antv/istanbuluses
npm@antv/knowledgeuses
npm@antv/l7uses
npm@antv/l7-componentuses
npm@antv/l7-composite-layersuses
npm@antv/l7-coreuses
npm@antv/l7-districtuses
npm@antv/l7-drawuses
npm@antv/l7-editoruses
npm@antv/l7-extension-g-layeruses
npm@antv/l7-layersuses
npm@antv/l7-leafletuses
npm@antv/l7-mapuses
npm@antv/l7-mapkituses
npm@antv/l7-mapsuses
npm@antv/l7-miniuses
npm@antv/l7-passuses
npm@antv/l7plotuses
npm@antv/l7plot-componentuses
npm@antv/l7-reactuses
npm@antv/l7-rendereruses
npm@antv/l7-sceneuses
npm@antv/l7-sourceuses
npm@antv/l7-threeuses
npm@antv/l7-utilsuses
npm@antv/larkmapuses
npm@antv/layout-gpuuses
npm@antv/layout-wasmuses
npm@antv/li-aiearth-assetsuses
npm@antv/li-analysis-assetsuses
npm@antv/li-core-assetsuses
npm@antv/li-editoruses
npm@antv/li-p2uses
npm@antv/li-sam-assetsuses
npm@antv/li-sdkuses
npm@antv/lite-insightuses
npm@antv/matrix-utiluses
npm@antv/mcp-server-antvuses
npm@antv/mcp-server-chartuses
npm@antv/my-f2uses
npm@antv/my-f2-pcuses
npm@antv/narrative-text-editoruses
npm@antv/narrative-text-schemauses
npm@antv/narrative-text-visuses
npm@antv/path-utiluses
npm@antv/react-guses
npm@antv/s2uses
npm@antv/s2-reactuses
npm@antv/s2-react-componentsuses
npm@antv/s2-ssruses
npm@antv/s2-vueuses
npm@antv/samuses
npm@antv/scaleuses
npm@antv/semantic-release-pnpmuses
npm@antv/smart-coloruses
npm@antv/statuses
npm@antv/t8uses
npm@antv/thumbnailsuses
npm@antv/thumbnails-componentuses
npm@antv/torchuses
npm@antv/translatoruses
npm@antv/utiluses
npm@antv/vendoruses
npm@antv/vis-predict-engineuses
npm@antv/webgpu-graphuses
npm@antv/word-scale-chartuses
npm@antv/wx-f2uses
npm@antv/x6uses
npm@antv/x6-angular-shapeuses
npm@antv/x6-commonuses
npm@antv/x6-componentsuses
npm@antv/x6-geometryuses
npm@antv/x6-plugin-clipboarduses
npm@antv/x6-plugin-dnduses
npm@antv/x6-plugin-exportuses
npm@antv/x6-plugin-historyuses
npm@antv/x6-plugin-keyboarduses
npm@antv/x6-plugin-minimapuses
npm@antv/x6-plugin-scrolleruses
npm@antv/x6-plugin-selectionuses
npm@antv/x6-plugin-snaplineuses
npm@antv/x6-plugin-stenciluses
npm@antv/x6-plugin-transformuses
npm@antv/x6-reactuses
npm@antv/x6-react-componentsuses
npm@antv/x6-react-shapeuses
npm@antv/x6-vectoruses
npm@antv/x6-vue3-shapeuses
npm@antv/x6-vue-shapeuses
npm@antv/xflowuses
npm@antv/xflow-coreuses
npm@antv/xflow-diffuses
npm@antv/xflow-extensionuses
npm@antv/xflow-hookuses
npmast-pluginuses
npmbabel-plugin-versionuses
npmboring-avatars-vanillauses
npmbyte-parseruses
npmcanvas-nest.jsuses
npmecharts-for-reactuses
npmfilesize.jsuses
npmfixed-rounduses
npmgantt-for-reactuses
npmjest-canvas-mockuses
npmjest-date-mockuses
npmjest-electronuses
npmjest-expectuses
npmjest-less-loaderuses
npmjest-random-mockuses
npmjest-url-loaderuses
npmlimit-sizeuses
npmlint-mduses
npmlint-md-cliuses
npm@lint-md/cliuses
npm@lint-md/coreuses
npm@lint-md/parseruses
npmmcp-echartsuses
npmmcp-mermaiduses
npmmizuses
npmonfire.jsuses
npmreact-adsenseuses
npmrelationship.jsuses
npmribbon.jsuses
npmsize-sensoruses
npmslice.jsuses
npmtimeago.jsuses
npmtimeago-reactuses
npmuri-parseuses
npmword-widthuses
npmxmorseuses
pypidurabletaskuses

Campaigns

No Specific Campaignattributed-to
Enterprise Dependency Confusionattributed-to
eslint-config-prettier Compromiseattributed-to
Bittensor Typosquat Campaignattributed-to
qix npm Account Compromiseattributed-to
Shai-Huludattributed-to
TeamPCPattributed-to
Strapi Plugin C2 Campaignattributed-to
big.js Typosquat SSH Backdoorattributed-to
tanvisoul9 npm Backdoorsattributed-to
fucktestpad npm Malwareattributed-to
Mini Shai-Huludattributed-to
shetty123 Telegram Hijackattributed-to
Claude Code Hook Backdoorsattributed-to