Mini Shai-Hulud

discovered 2026-04-29

Three compromised versions of the Microsoft durabletask Python SDK (1.4.1, 1.4.2, 1.4.3) were published to PyPI, each downloading a stage-2 payload that steals credentials from AWS, Azure, GCP, Kubernetes, HashiCorp Vault, and password managers, then propagates to other hosts via SSM and kubectl exec.

more…

Objective

Steal developer, cloud, registry, and application credentials through malicious package execution and self-propagate via stolen tokens and trusted-publishing abuse.

Related campaigns

TeamPCPvariant-of
Miasma: The Spreading Blightvariant-of

Packages

npm @cap-js/sqliteattributed-to
npm @cap-js/postgresattributed-to
npm @cap-js/db-serviceattributed-to
npm mbtattributed-to
npm @beproduct/nestjs-authattributed-to
npm @dirigible-ai/sdkattributed-to
npm @draftauth/clientattributed-to
npm @draftauth/coreattributed-to
npm @draftlab/authattributed-to
npm @draftlab/auth-routerattributed-to
npm @draftlab/dbattributed-to
npm @mesadev/restattributed-to
npm @mesadev/saguaroattributed-to
npm @mesadev/sdkattributed-to
npm @mistralai/mistralaiattributed-to
npm @mistralai/mistralai-azureattributed-to
npm @mistralai/mistralai-gcpattributed-to
npm @ml-toolkit-ts/preprocessingattributed-to
npm @ml-toolkit-ts/xgboostattributed-to
npm @opensearch-project/opensearchattributed-to
npm @squawk/airport-dataattributed-to
npm @squawk/airportsattributed-to
npm @squawk/airspaceattributed-to
npm @squawk/airspace-dataattributed-to
npm @squawk/airway-dataattributed-to
npm @squawk/airwaysattributed-to
npm @squawk/fix-dataattributed-to
npm @squawk/fixesattributed-to
npm @squawk/flight-mathattributed-to
npm @squawk/flightplanattributed-to
npm @squawk/geoattributed-to
npm @squawk/icao-registryattributed-to
npm @squawk/icao-registry-dataattributed-to
npm @squawk/mcpattributed-to
npm @squawk/navaid-dataattributed-to
npm @squawk/navaidsattributed-to
npm @squawk/notamsattributed-to
npm @squawk/procedure-dataattributed-to
npm @squawk/proceduresattributed-to
npm @squawk/typesattributed-to
npm @squawk/unitsattributed-to
npm @squawk/weatherattributed-to
npm @supersurkhet/cliattributed-to
npm @supersurkhet/sdkattributed-to
npm @tallyui/componentsattributed-to
npm @tallyui/connector-medusaattributed-to
npm @tallyui/connector-shopifyattributed-to
npm @tallyui/connector-vendureattributed-to
npm @tallyui/connector-woocommerceattributed-to
npm @tallyui/coreattributed-to
npm @tallyui/databaseattributed-to
npm @tallyui/posattributed-to
npm @tallyui/storage-sqliteattributed-to
npm @tallyui/themeattributed-to
npm @tanstack/arktype-adapterattributed-to
npm @tanstack/eslint-plugin-routerattributed-to
npm @tanstack/eslint-plugin-startattributed-to
npm @tanstack/historyattributed-to
npm @tanstack/nitro-v2-vite-pluginattributed-to
npm @tanstack/react-routerattributed-to
npm @tanstack/react-router-devtoolsattributed-to
npm @tanstack/react-router-ssr-queryattributed-to
npm @tanstack/react-startattributed-to
npm @tanstack/react-start-clientattributed-to
npm @tanstack/react-start-rscattributed-to
npm @tanstack/react-start-serverattributed-to
npm @tanstack/router-cliattributed-to
npm @tanstack/router-coreattributed-to
npm @tanstack/router-devtoolsattributed-to
npm @tanstack/router-devtools-coreattributed-to
npm @tanstack/router-generatorattributed-to
npm @tanstack/router-pluginattributed-to
npm @tanstack/router-ssr-query-coreattributed-to
npm @tanstack/router-utilsattributed-to
npm @tanstack/router-vite-pluginattributed-to
npm @tanstack/solid-routerattributed-to
npm @tanstack/solid-router-devtoolsattributed-to
npm @tanstack/solid-router-ssr-queryattributed-to
npm @tanstack/solid-startattributed-to
npm @tanstack/solid-start-clientattributed-to
npm @tanstack/solid-start-serverattributed-to
npm @tanstack/start-client-coreattributed-to
npm @tanstack/start-fn-stubsattributed-to
npm @tanstack/start-plugin-coreattributed-to
npm @tanstack/start-server-coreattributed-to
npm @tanstack/start-static-server-functionsattributed-to
npm @tanstack/start-storage-contextattributed-to
npm @tanstack/valibot-adapterattributed-to
npm @tanstack/virtual-file-routesattributed-to
npm @tanstack/vue-routerattributed-to
npm @tanstack/vue-router-devtoolsattributed-to
npm @tanstack/vue-router-ssr-queryattributed-to
npm @tanstack/vue-startattributed-to
npm @tanstack/vue-start-clientattributed-to
npm @tanstack/vue-start-serverattributed-to
npm @tanstack/zod-adapterattributed-to
npm @taskflow-corp/cliattributed-to
npm @tolka/cliattributed-to
npm @uipath/access-policy-sdkattributed-to
npm @uipath/access-policy-toolattributed-to
npm @uipath/admin-toolattributed-to
npm @uipath/agent-sdkattributed-to
npm @uipath/agent-toolattributed-to
npm @uipath/agent.sdkattributed-to
npm @uipath/aops-policy-toolattributed-to
npm @uipath/ap-chatattributed-to
npm @uipath/api-workflow-toolattributed-to
npm @uipath/apollo-coreattributed-to
npm @uipath/apollo-reactattributed-to
npm @uipath/apollo-windattributed-to
npm @uipath/authattributed-to
npm @uipath/case-toolattributed-to
npm @uipath/cliattributed-to
npm @uipath/codedagent-toolattributed-to
npm @uipath/codedagents-toolattributed-to
npm @uipath/codedapp-toolattributed-to
npm @uipath/commonattributed-to
npm @uipath/context-grounding-toolattributed-to
npm @uipath/data-fabric-toolattributed-to
npm @uipath/docsai-toolattributed-to
npm @uipath/filesystemattributed-to
npm @uipath/flow-toolattributed-to
npm @uipath/functions-toolattributed-to
npm @uipath/gov-toolattributed-to
npm @uipath/identity-toolattributed-to
npm @uipath/insights-sdkattributed-to
npm @uipath/insights-toolattributed-to
npm @uipath/integrationservice-sdkattributed-to
npm @uipath/integrationservice-toolattributed-to
npm @uipath/llmgw-toolattributed-to
npm @uipath/maestro-sdkattributed-to
npm @uipath/maestro-toolattributed-to
npm @uipath/orchestrator-toolattributed-to
npm @uipath/packager-tool-apiworkflowattributed-to
npm @uipath/packager-tool-bpmnattributed-to
npm @uipath/packager-tool-caseattributed-to
npm @uipath/packager-tool-connectorattributed-to
npm @uipath/packager-tool-flowattributed-to
npm @uipath/packager-tool-functionsattributed-to
npm @uipath/packager-tool-webappattributed-to
npm @uipath/packager-tool-workflowcompilerattributed-to
npm @uipath/packager-tool-workflowcompiler-browserattributed-to
npm @uipath/platform-toolattributed-to
npm @uipath/project-packagerattributed-to
npm @uipath/resource-toolattributed-to
npm @uipath/resourcecatalog-toolattributed-to
npm @uipath/resources-toolattributed-to
npm @uipath/robotattributed-to
npm @uipath/rpa-legacy-toolattributed-to
npm @uipath/rpa-toolattributed-to
npm @uipath/solution-packagerattributed-to
npm @uipath/solution-toolattributed-to
npm @uipath/solutionpackager-sdkattributed-to
npm @uipath/solutionpackager-tool-coreattributed-to
npm @uipath/tasks-toolattributed-to
npm @uipath/telemetryattributed-to
npm @uipath/test-manager-toolattributed-to
npm @uipath/tool-workflowcompilerattributed-to
npm @uipath/traces-toolattributed-to
npm @uipath/ui-widgets-multi-file-uploadattributed-to
npm @uipath/uipath-python-bridgeattributed-to
npm @uipath/vertical-solutions-toolattributed-to
npm @uipath/vssattributed-to
npm @uipath/widget.sdkattributed-to
npm agentwork-cliattributed-to
npm cmux-agent-mcpattributed-to
npm cross-stitchattributed-to
npm git-branch-selectorattributed-to
npm git-git-gitattributed-to
npm ml-toolkit-tsattributed-to
npm nextmove-mcpattributed-to
npm safe-actionattributed-to
npm ts-dnaattributed-to
npm wot-apiattributed-to
pypi guardrails-aiattributed-to
pypi mistralaiattributed-to
npm node-ipcattributed-to
npm ai-figureattributed-to
npm amapcnattributed-to
npm @antv/a8attributed-to
npm @antv/adjustattributed-to
npm @antv/algorithmattributed-to
npm @antv/async-hookattributed-to
npm @antv/attrattributed-to
npm @antv/avaattributed-to
npm @antv/ava-reactattributed-to
npm @antv/awardsattributed-to
npm @antv/calendar-heatmapattributed-to
npm @antv/chart-linterattributed-to
npm @antv/chart-node-g6attributed-to
npm @antv/chart-visualization-skillsattributed-to
npm @antv/ckbattributed-to
npm @antv/color-schemaattributed-to
npm @antv/color-utilattributed-to
npm @antv/componentattributed-to
npm @antv/coordattributed-to
npm @antv/d3-colorattributed-to
npm @antv/d3-interpolateattributed-to
npm @antv/data-samplesattributed-to
npm @antv/data-setattributed-to
npm @antv/data-wizardattributed-to
npm @antv/dipper-componentattributed-to
npm @antv/dipper-hooksattributed-to
npm @antv/dipper-mapattributed-to
npm @antv/dom-utilattributed-to
npm @antv/dumi-theme-antvattributed-to
npm @antv/dw-analyzerattributed-to
npm @antv/dw-randomattributed-to
npm @antv/dw-transformattributed-to
npm @antv/dw-utilattributed-to
npm @antv/event-emitterattributed-to
npm @antv/exprattributed-to
npm @antv/f2attributed-to
npm @antv/f2-algorithmattributed-to
npm @antv/f2-canvasattributed-to
npm @antv/f2-contextattributed-to
npm @antv/f2-graphicattributed-to
npm @antv/f2-myattributed-to
npm @antv/f2-reactattributed-to
npm @antv/f2-siteattributed-to
npm @antv/f2-vueattributed-to
npm @antv/f2-wordcloudattributed-to
npm @antv/f2-wxattributed-to
npm @antv/f6attributed-to
npm @antv/f6-alipayattributed-to
npm @antv/f6-coreattributed-to
npm @antv/f6-elementattributed-to
npm @antv/f6-hammerjsattributed-to
npm @antv/f6-pluginattributed-to
npm @antv/f6-uiattributed-to
npm @antv/f6-wxattributed-to
npm @antv/f-chartsattributed-to
npm @antv/f-engineattributed-to
npm @antv/f-lottieattributed-to
npm @antv/f-myattributed-to
npm @antv/f-reactattributed-to
npm @antv/f-test-utilsattributed-to
npm @antv/f-vueattributed-to
npm @antv/f-wxattributed-to
npm @antv/g2attributed-to
npm @antv/g2-brushattributed-to
npm @antv/g2-extension-3dattributed-to
npm @antv/g2-extension-avaattributed-to
npm @antv/g2-extension-plotattributed-to
npm @antv/g2plotattributed-to
npm @antv/g2plot-schemasattributed-to
npm @antv/g2-plugin-sliderattributed-to
npm @antv/g2-ssrattributed-to
npm @antv/gattributed-to
npm @antv/g6attributed-to
npm @antv/g6-alipayattributed-to
npm @antv/g6-cliattributed-to
npm @antv/g6-coreattributed-to
npm @antv/g6-editorattributed-to
npm @antv/g6-elementattributed-to
npm @antv/g6-extension-3dattributed-to
npm @antv/g6-extension-reactattributed-to
npm @antv/g6-mobileattributed-to
npm @antv/g6-pcattributed-to
npm @antv/g6-pluginattributed-to
npm @antv/g6-plugin-map-viewattributed-to
npm @antv/g6-pluginsattributed-to
npm @antv/g6-react-nodeattributed-to
npm @antv/g6-ssrattributed-to
npm @antv/g6-wxattributed-to
npm @antv/gatsby-themeattributed-to
npm @antv/g-baseattributed-to
npm @antv/g-camera-apiattributed-to
npm @antv/g-canvasattributed-to
npm @antv/g-canvaskitattributed-to
npm @antv/g-compatattributed-to
npm @antv/g-componentsattributed-to
npm @antv/g-css-layout-apiattributed-to
npm @antv/g-css-typed-om-apiattributed-to
npm @antv/g-device-apiattributed-to
npm @antv/g-dom-mutation-observer-apiattributed-to
npm @antv/geo-coordattributed-to
npm @antv/g-gestureattributed-to
npm @antv/gi-assets-advanceattributed-to
npm @antv/gi-assets-algorithmattributed-to
npm @antv/gi-assets-basicattributed-to
npm @antv/gi-assets-galaxybaseattributed-to
npm @antv/gi-assets-graphscopeattributed-to
npm @antv/gi-assets-hugegraphattributed-to
npm @antv/gi-assets-janusgraphattributed-to
npm @antv/gi-assets-neo4jattributed-to
npm @antv/gi-assets-sceneattributed-to
npm @antv/gi-assets-tugraphattributed-to
npm @antv/gi-assets-tugraph-analyticsattributed-to
npm @antv/gi-assets-xlabattributed-to
npm @antv/gi-cliattributed-to
npm @antv/gi-common-componentsattributed-to
npm @antv/g-image-exporterattributed-to
npm @antv/gi-mock-dataattributed-to
npm @antv/gi-public-dataattributed-to
npm @antv/gi-sdkattributed-to
npm @antv/gi-sdk-appattributed-to
npm @antv/gi-theme-antdattributed-to
npm @antv/github-config-cliattributed-to
npm @antv/g-layout-blocklikeattributed-to
npm @antv/g-liteattributed-to
npm @antv/gl-matrixattributed-to
npm @antv/g-lottie-playerattributed-to
npm @antv/g-mathattributed-to
npm @antv/g-mobileattributed-to
npm @antv/g-mobile-canvasattributed-to
npm @antv/g-mobile-canvas-elementattributed-to
npm @antv/g-mobile-svgattributed-to
npm @antv/g-mobile-webglattributed-to
npm @antv/g-patternattributed-to
npm @antv/g-perfattributed-to
npm @antv/g-plugin-3dattributed-to
npm @antv/g-plugin-a11yattributed-to
npm @antv/g-plugin-annotationattributed-to
npm @antv/g-plugin-box2dattributed-to
npm @antv/g-plugin-canvaskit-rendererattributed-to
npm @antv/g-plugin-canvas-path-generatorattributed-to
npm @antv/g-plugin-canvas-pickerattributed-to
npm @antv/g-plugin-canvas-rendererattributed-to
npm @antv/g-plugin-controlattributed-to
npm @antv/g-plugin-css-selectattributed-to
npm @antv/g-plugin-device-rendererattributed-to
npm @antv/g-plugin-dom-interactionattributed-to
npm @antv/g-plugin-dragndropattributed-to
npm @antv/g-plugin-gestureattributed-to
npm @antv/g-plugin-gpgpuattributed-to
npm @antv/g-plugin-html-rendererattributed-to
npm @antv/g-plugin-image-loaderattributed-to
npm @antv/g-plugin-matterjsattributed-to
npm @antv/g-plugin-mobile-interactionattributed-to
npm @antv/g-plugin-physxattributed-to
npm @antv/g-plugin-rough-canvas-rendererattributed-to
npm @antv/g-plugin-rough-svg-rendererattributed-to
npm @antv/g-plugin-svg-pickerattributed-to
npm @antv/g-plugin-svg-rendererattributed-to
npm @antv/g-plugin-webgl-deviceattributed-to
npm @antv/g-plugin-webgl-rendererattributed-to
npm @antv/g-plugin-webgpu-deviceattributed-to
npm @antv/g-plugin-yogaattributed-to
npm @antv/g-plugin-zdog-canvas-rendererattributed-to
npm @antv/g-plugin-zdog-svg-rendererattributed-to
npm @antv/gpt-visattributed-to
npm @antv/gpt-vis-ssrattributed-to
npm @antv/graphinattributed-to
npm @antv/graphin-componentsattributed-to
npm @antv/graphin-graphscopeattributed-to
npm @antv/graphin-iconsattributed-to
npm @antv/graphlibattributed-to
npm @antv/g-shader-componentsattributed-to
npm @antv/g-svgattributed-to
npm @antv/g-web-animations-apiattributed-to
npm @antv/g-web-componentsattributed-to
npm @antv/g-webglattributed-to
npm @antv/g-webgl-computeattributed-to
npm @antv/g-webgpuattributed-to
npm @antv/g-webgpu-compilerattributed-to
npm @antv/g-webgpu-coreattributed-to
npm @antv/g-webgpu-engineattributed-to
npm @antv/g-webgpu-raytracerattributed-to
npm @antv/g-webgpu-unitchartattributed-to
npm @antv/hierarchyattributed-to
npm @antv/infographicattributed-to
npm @antv/insight-componentattributed-to
npm @antv/interactionattributed-to
npm @antv/istanbulattributed-to
npm @antv/knowledgeattributed-to
npm @antv/l7attributed-to
npm @antv/l7-componentattributed-to
npm @antv/l7-composite-layersattributed-to
npm @antv/l7-coreattributed-to
npm @antv/l7-districtattributed-to
npm @antv/l7-drawattributed-to
npm @antv/l7-editorattributed-to
npm @antv/l7-extension-g-layerattributed-to
npm @antv/l7-layersattributed-to
npm @antv/l7-leafletattributed-to
npm @antv/l7-mapattributed-to
npm @antv/l7-mapkitattributed-to
npm @antv/l7-mapsattributed-to
npm @antv/l7-miniattributed-to
npm @antv/l7-passattributed-to
npm @antv/l7plotattributed-to
npm @antv/l7plot-componentattributed-to
npm @antv/l7-reactattributed-to
npm @antv/l7-rendererattributed-to
npm @antv/l7-sceneattributed-to
npm @antv/l7-sourceattributed-to
npm @antv/l7-threeattributed-to
npm @antv/l7-utilsattributed-to
npm @antv/larkmapattributed-to
npm @antv/layout-gpuattributed-to
npm @antv/layout-wasmattributed-to
npm @antv/li-aiearth-assetsattributed-to
npm @antv/li-analysis-assetsattributed-to
npm @antv/li-core-assetsattributed-to
npm @antv/li-editorattributed-to
npm @antv/li-p2attributed-to
npm @antv/li-sam-assetsattributed-to
npm @antv/li-sdkattributed-to
npm @antv/lite-insightattributed-to
npm @antv/matrix-utilattributed-to
npm @antv/mcp-server-antvattributed-to
npm @antv/mcp-server-chartattributed-to
npm @antv/my-f2attributed-to
npm @antv/my-f2-pcattributed-to
npm @antv/narrative-text-editorattributed-to
npm @antv/narrative-text-schemaattributed-to
npm @antv/narrative-text-visattributed-to
npm @antv/path-utilattributed-to
npm @antv/react-gattributed-to
npm @antv/s2attributed-to
npm @antv/s2-reactattributed-to
npm @antv/s2-react-componentsattributed-to
npm @antv/s2-ssrattributed-to
npm @antv/s2-vueattributed-to
npm @antv/samattributed-to
npm @antv/scaleattributed-to
npm @antv/semantic-release-pnpmattributed-to
npm @antv/smart-colorattributed-to
npm @antv/statattributed-to
npm @antv/t8attributed-to
npm @antv/thumbnailsattributed-to
npm @antv/thumbnails-componentattributed-to
npm @antv/torchattributed-to
npm @antv/translatorattributed-to
npm @antv/utilattributed-to
npm @antv/vendorattributed-to
npm @antv/vis-predict-engineattributed-to
npm @antv/webgpu-graphattributed-to
npm @antv/word-scale-chartattributed-to
npm @antv/wx-f2attributed-to
npm @antv/x6attributed-to
npm @antv/x6-angular-shapeattributed-to
npm @antv/x6-commonattributed-to
npm @antv/x6-componentsattributed-to
npm @antv/x6-geometryattributed-to
npm @antv/x6-plugin-clipboardattributed-to
npm @antv/x6-plugin-dndattributed-to
npm @antv/x6-plugin-exportattributed-to
npm @antv/x6-plugin-historyattributed-to
npm @antv/x6-plugin-keyboardattributed-to
npm @antv/x6-plugin-minimapattributed-to
npm @antv/x6-plugin-scrollerattributed-to
npm @antv/x6-plugin-selectionattributed-to
npm @antv/x6-plugin-snaplineattributed-to
npm @antv/x6-plugin-stencilattributed-to
npm @antv/x6-plugin-transformattributed-to
npm @antv/x6-reactattributed-to
npm @antv/x6-react-componentsattributed-to
npm @antv/x6-react-shapeattributed-to
npm @antv/x6-vectorattributed-to
npm @antv/x6-vue3-shapeattributed-to
npm @antv/x6-vue-shapeattributed-to
npm @antv/xflowattributed-to
npm @antv/xflow-coreattributed-to
npm @antv/xflow-diffattributed-to
npm @antv/xflow-extensionattributed-to
npm @antv/xflow-hookattributed-to
npm ast-pluginattributed-to
npm babel-plugin-versionattributed-to
npm boring-avatars-vanillaattributed-to
npm byte-parserattributed-to
npm canvas-nest.jsattributed-to
npm echarts-for-reactattributed-to
npm filesize.jsattributed-to
npm fixed-roundattributed-to
npm gantt-for-reactattributed-to
npm jest-canvas-mockattributed-to
npm jest-date-mockattributed-to
npm jest-electronattributed-to
npm jest-expectattributed-to
npm jest-less-loaderattributed-to
npm jest-random-mockattributed-to
npm jest-url-loaderattributed-to
npm limit-sizeattributed-to
npm lint-mdattributed-to
npm lint-md-cliattributed-to
npm @lint-md/cliattributed-to
npm @lint-md/coreattributed-to
npm @lint-md/parserattributed-to
npm mcp-echartsattributed-to
npm mcp-mermaidattributed-to
npm mizattributed-to
npm onfire.jsattributed-to
npm react-adsenseattributed-to
npm relationship.jsattributed-to
npm ribbon.jsattributed-to
npm size-sensorattributed-to
npm slice.jsattributed-to
npm timeago.jsattributed-to
npm timeago-reactattributed-to
npm uri-parseattributed-to
npm word-widthattributed-to
npm xmorseattributed-to
pypi durabletaskattributed-to

Indicators

sha1 0a3dd44d361c34cd9036eeb3f49601160a636648indicates
email cap@sap.comexfiltrates-to
email mob.extrepo.stores@sap.comexfiltrates-to
email claude@users.noreply.github.comexfiltrates-to
domain git-tanstack.comcommunicates-with
domain filev2.getsession.orgcommunicates-with
domain 169.254.169.254communicates-with
ipv4 169.254.169.254communicates-with
sha256 ce7e4199506959fd7a71b64209b2c07b9c82e53a946aa7d78298dc9249230d01indicates
sha1 79ac49eedf774dd4b0cfa308722bc463cfe5885cindicates
ipv4 1.1.1.1communicates-with
ipv4 8.8.8.8communicates-with
sha256 449e4265979b5fdb2d3446c021af437e815debd66de7da2fe54f1ad93cbcc75eindicates
sha256 c2f4dc64aec4631540a568e88932b61daebbfb7e8281b812fa01b7215f9be9eaindicates
sha256 78a82d93b4f580835f5823b85a3d9ee1f03a15ee6f0e01b4eac86252a7002981indicates
sha256 3427a90c8cb9af764445448648176e120ebc6af0a538158340cf6220de4d01b7indicates
sha256 fdba4191831a13debf9d8c0c940b0301c7b7f01d27f1b1c73ed3ceaa2db4103bindicates
email a.tiertant@atlantis-software.netexfiltrates-to
domain t.m-kosche.comcommunicates-with
ipv4 169.254.170.2communicates-with
sha256 a68dd1e6a6e35ec3771e1f94fe796f55dfe65a2b94560516ff4ac189390dfa1cindicates
sha1 1916faa365f2788b6e193514872d51a242876569indicates
sha1 7cb42f57561c321ecb09b4552802ae0ac55b3a7aindicates
sha1 dc3d62a2181beb9f326952a2d212900c94f2e13dindicates
sha1 de0fac2e4500dabe0009e67214ff5f5447ce83ddindicates
sha1 bbbca2ddaa5d8feaa63e36b76fdaad77386f024findicates
email i@hust.ccexfiltrates-to
email alexzjt@users.noreply.github.comexfiltrates-to
domain check.git-service.comcommunicates-with
domain www.youtube.comcommunicates-with
ipv4 160.119.64.3communicates-with
ipv4 185.95.159.32communicates-with
sha256 3de04fe2a76262743ed089efa7115f4508619838e77d60b9a1aab8b20d2cc8bfindicates
sha256 85f54c089d78ebfb101454ec934c767065a342a43c9ee1beac8430cdd3b2086findicates
sha256 c0b094e46842260936d4b97ce63e4539b99a3eae48b736798c700217c52569dcindicates
sha256 069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ceindicates

Techniques

ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttp T1059.007 Command and Scripting Interpreter: JavaScriptuses
ttp T1552.001 Unsecured Credentials: Credentials In Filesuses
ttp T1041 Exfiltration Over C2 Channeluses
ttp T1528 Steal Application Access Tokenuses
ttp T1105 Ingress Tool Transferuses
ttp T1071.001 Application Layer Protocol: Web Protocolsuses
ttp T1102 Web Serviceuses
ttp T1021 Remote Servicesuses
ttp T1098 Account Manipulationuses
ttp T1539 Steal Web Session Cookieuses
ttp T1059.006 Command and Scripting Interpreter: Pythonuses
ttp T1071.004 Application Layer Protocol: DNSuses
ttp T1546 Event Triggered Executionuses
ttp T1027 Obfuscated Files or Informationuses

Read the full analysis →