malware npm
node-ipc
discovered 2026-05-14
node-ipc is identified in the SafeDep analysis "Compromised node-ipc on npm: Credential Stealer via DNS Exfiltration".
Threat types
credential_stealer data_exfiltration rat persistence
Malicious versions
- 9.1.6
- 9.2.3
- 12.0.1
Campaigns
Indicators
- ipv4 1.1.1.1 (communicates-with)
- ipv4 8.8.8.8 (communicates-with)
- email a.tiertant@atlantis-software.net (exfiltrates-to)
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- ttp T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- ttp T1552.001 Unsecured Credentials: Credentials In Files (uses)
- ttp T1041 Exfiltration Over C2 Channel (uses)
- ttp T1105 Ingress Tool Transfer (uses)
- ttp T1071.001 Application Layer Protocol: Web Protocols (uses)
- ttp T1071.004 Application Layer Protocol: DNS (uses)
- ttp T1546 Event Triggered Execution (uses)
