T1497.001

Virtualization/Sandbox Evasion: System Checks

discovered 2026-06-01

Hardcoded blacklists of known sandbox IPs and hostnames. Checks victim IP via ipinfo.io/json and local hostname against lists before proceeding with theft operations.

View on MITRE ATT&CK

Seen in packages

npm faster-axiosuses

Campaigns

Epsilon Axios Typosquat Campaignattributed-to