Researchers Uncover npm Package Delivering RAT Via Microsoft Executable

https://sh.itjust.works/post/13054002

Malicious Nuget Packages Found Delivering SeroXen RAT

https://sh.itjust.works/post/7022151

blog.phylum.io/sophisticated-highly-targeted-atta…

tl;dr several packages were recently published to npm that appear to be subtle command and control. Behaviors of the infrastructure seem to mimic those recently identified by Phylum as being nation state activity from North Korea.

Sophisticated, Highly-Targeted Attacks Continue to Plague npm

⚠️ Update Aug 16, 2023: This appears to be an ongoing campaign. The actor recently published another package hreport-preview with slight modifications. Namely pulling reverse shells from https://img.murphysec-nb[.]love

⚠️ Update Aug 17-19, 2023: This actor continues to publish packages, most recently crcloud-layout, urs-remote, essc-crypto, mh-web-hardware, and mall-front-babel-directive. The IOCs

Phylum

https://sh.itjust.works/post/2828363

Targeted npm Malware Attempts to Steal Company Source Code and Secrets

https://sh.itjust.works/post/2168204
