Objective
Harvest credentials and self-propagate through the npm scope.
Packages
Indicators
- domain telemetry.api-monitor.com (communicates-with)
- ipv4 143.198.237.25 (communicates-with)
- ipv4 23.236.116.77 (communicates-with)
- ipv4 209.34.235.18 (communicates-with)
- sha256 4dbecce9ab3cf1739a9b90f9a9f304a3a44f69332320ae0753c129cf078e6f34 (indicates)
- sha256 513eed96cabdea495a7141666eb77216dee6f0754ef643917346a47a2ff61476 (indicates)
- sha256 834b6e5db5710b9308d0598978a0148a9dc832361f1fa0b7ad4343dcceba2812 (indicates)
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- ttp T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- ttp T1552.001 Unsecured Credentials: Credentials In Files (uses)
- ttp T1041 Exfiltration Over C2 Channel (uses)
- ttp T1552.004 Unsecured Credentials: Private Keys (uses)
- ttp T1528 Steal Application Access Token (uses)
- ttp T1071.001 Application Layer Protocol: Web Protocols (uses)
- ttp T1021 Remote Services (uses)
- ttp T1098 Account Manipulation (uses)
