T1546
Event Triggered Execution
discovered 2025-01-16Module import event triggers daemon thread execution. Any code path that imports the core.telemetry package — application startup, CI test runs, IDE background processes — silently triggers the stager.
View on MITRE ATT&CKSeen in packages
- npm chrome-api-utilsuses
- npm grafana-sentry-datasourceuses
- npm @patternfly-v5/patternflyuses
- npm electron-builder-13uses
- npm graphql.vscode-graphql-syntaxuses
- npm mattermost-cloudnative-bootstrapperuses
- npm eslint-config-prettieruses
- npm eslint-plugin-prettieruses
- npm snyckituses
- npm @pkgr/coreuses
- npm napi-postinstalluses
- pypi bitensoruses
- pypi bittenso-cliuses
- pypi qbittensoruses
- pypi bittensouses
- npm nxuses
- npm @nx/jsuses
- npm @ctrl/tinycoloruses
- npm hyatt-residential-rosteruses
- npm hyatt-albumuses
- npm hyatt-avataruses
- npm @zapier/zapier-sdkuses
- npm @asyncapi/specsuses
- npm @quick-start-soft/quick-markdown-printuses
- npm @quick-start-soft/quick-markdownuses
- npm @quick-start-soft/quick-remove-image-backgrounduses
- npm @quick-start-soft/quick-git-clean-markdownuses
- npm @quick-start-soft/quick-document-translatoruses
- npm @quick-start-soft/quick-markdown-imageuses
- npm @quick-start-soft/quick-task-refineuses
- npm @asyncapi/modelinauses
- npm posthog-react-nativeuses
- npm posthog-nodeuses
- npm @postman/secret-scanner-wasmuses
- npm @postman/csv-parseuses
- npm @postman/node-keytaruses
- npm @postman/tunnel-agentuses
- npm @postman/wdio-allure-reporteruses
- npm @postman/postman-mcp-cliuses
- npm @postman/mcp-ui-clientuses
- npm @postman/wdio-junit-reporteruses
- npm @postman/pm-bin-macos-arm64uses
- npm @postman/pm-bin-linux-x64uses
- npm @postman/aether-iconsuses
- npm @Schedaero/shareduses
- pypi litellmuses
- npm oc-aa-module-clientuses
- npm @wame/ngx-adfsuses
- npm @the-coca-cola-company/ngps-global-common-utilsuses
- npm cr-static-shared-componentsuses
- npm @ceeferenderer/fe-renderer-sdkuses
- npm axiosuses
- npm mgcuses
- npm strapi-plugin-cronuses
- npm strapi-plugin-configuses
- npm strapi-plugin-serveruses
- npm strapi-plugin-databaseuses
- npm strapi-plugin-coreuses
- npm strapi-plugin-hooksuses
- npm strapi-plugin-monitoruses
- npm strapi-plugin-eventsuses
- npm strapi-plugin-loggeruses
- npm strapi-plugin-healthuses
- npm strapi-plugin-syncuses
- npm strapi-plugin-seeduses
- npm strapi-plugin-localeuses
- npm strapi-plugin-formuses
- npm strapi-plugin-notifyuses
- npm strapi-plugin-apiuses
- npm strapi-plugin-sitemap-genuses
- npm strapi-plugin-nordica-toolsuses
- npm strapi-plugin-nordica-syncuses
- npm strapi-plugin-nordica-cmsuses
- npm strapi-plugin-nordica-apiuses
- npm strapi-plugin-nordica-reconuses
- npm strapi-plugin-nordica-stageuses
- npm strapi-plugin-nordica-vhostuses
- npm strapi-plugin-nordica-deepuses
- npm strapi-plugin-nordica-liteuses
- npm strapi-plugin-nordicauses
- npm strapi-plugin-finsevenuses
- npm strapi-plugin-hextestuses
- npm strapi-plugin-cms-toolsuses
- npm strapi-plugin-content-syncuses
- npm strapi-plugin-debug-toolsuses
- npm strapi-plugin-health-checkuses
- npm strapi-plugin-guardarian-extuses
- npm strapi-plugin-advanced-uuiduses
- npm strapi-plugin-blurhashuses
- npm @velora-dex/sdkuses
- npm sjs-bigintegeruses
- npm sjs-lint-build1uses
- npm bjs-bigintegeruses
- npm bjs-lint-builderuses
- npm bjs-lint-buildersuses
- npm cjs-bigintegeruses
- npm ts-lint-buildsuses
- npm @genoma-ui/componentsuses
- npm rrweb-v1uses
- npm @needl-ai/commonuses
- npm dom-utils-liteuses
- npm centraloggeruses
- npm forge-jsxuses
- npm @johntaohunter/forge-jsxuses
- npm js-logger-packuses
- npm ixpresso-coreuses
- npm godsplanuses
- npm eyevoxuses
- npm npm-global-utiluses
- npm exioussuses
- npm node-env-resolveuses
- npm martinez-polygon-clipping-tonyuses
- npm noon-contractsuses
- npm iceberg-javascriptuses
- npm supabase-javascriptuses
- npm auth-javascriptuses
- npm microsoft-applicationinsights-commonuses
- npm ms-graph-typesuses
- npm node-ipcuses
- npm @antv/async-hookuses
- npm @antv/dipper-hooksuses
- npm @antv/xflow-hookuses
- npm polymarket-trading-cliuses
- npm polymarket-terminaluses
- npm polymarket-tradeuses
- npm polymarket-auto-tradeuses
- npm polymarket-copy-tradinguses
- npm polymarket-botuses
- npm polymarket-claude-codeuses
- npm polymarket-ai-agentuses
- npm polymarket-traderuses
- npm @cloudplatform-single-spa/billinguses
- npm @mlspace/shared-storageuses
- npm @car-loans/mobile-car-loans-applicationuses
- npm @redhat-cloud-services/patch-clientuses
- pypi gpt-pilotuses
Campaigns
- Enterprise Dependency Confusionattributed-to
- eslint-config-prettier Compromiseattributed-to
- Bittensor Typosquat Campaignattributed-to
- s1ngularity nx Build System Compromiseattributed-to
- Shai-Huludattributed-to
- TeamPCPattributed-to
- No Specific Campaignattributed-to
- Strapi Plugin C2 Campaignattributed-to
- big.js Typosquat SSH Backdoorattributed-to
- tanvisoul9 npm Backdoorsattributed-to
- forge-jsx RATattributed-to
- Contagious Interviewattributed-to
- fucktestpad npm Malwareattributed-to
- Claude Code Hook Backdoorsattributed-to
- Mini Shai-Huludattributed-to
- Crypto Wallet Drainersattributed-to
- oob-moika-tech-depconf-2026attributed-to
- Miasma: The Spreading Blightattributed-to
