-= Per source details. Do not edit below this line.=-
Malicious packages campaign since 2021 targeting developers, steals source code and secrets
{ "iocs": { "domains": [ "6wxd3v84nevku06dcgbqcxrmt.canarytokens.com", "fhg62xavat9jzyt6euwxi6sro.canarytokens.com", "1wy3rk316x8qqy4fyxtvcs4kkbq2es2h.oastify.com", "288utkkrohmp0nr8znflcp88nztrhg.oastify.com", "bq5m9lnmalh9ktyi9wydockt9kfb32rr.oastify.com", "c7kxnys58daceezcxx0jjstn6ec50vok.oastify.com", "cczk46g2vtc0000k68dgggx31deyyyyyb.oast.fun", "cfrg38n2vtc0000h72xgg8hebweyyyyyb.oast.fun", "cfswk0m2vtc0000myvg0g8h6jocyyyyyb.oast.fun", "cfytrzv2vtc00002v400geytd6yyyyyyn.oast.fun", "ck0r1hp2vtc00007c0zggjocy3ryyyyyb.oast.fun", "ho94479k12fy3mdiwjvzvvo09rfh36.oastify.com", "l2g8zu5qwvsj5bewhvvxusdpp.canarytokens.com", "u3yjt7ui4aa5egu44kdrpys1psvjj97y.oastify.com", "u61eou88vswlvti2yihx8ktyrpxfl4.oastify.com", "unld4fepiyjq4ywsrj7mmpaz3q9hx9ly.oastify.com", "uzx39o3nimx3qp8s14uu6kfjhan1brzg.oastify.com", "yhj0choyrutnbvpcjuesxpph58bzztni.oastify.com", "cup1qnm56sdo4bdv.b.requestbin.net", "4or5o5yn5lqzenk4.b.requestbin.net", "bind9-or-callback-server.com", "efrva6.dnslog.cn", "eozpdddh3tifjo.m.pipedream.net", "marcomayo.com", "nirobtest.xyz", "npmtesttut.com" ], "ips": [ "178.128.27.205", "185.62.56.25", "185.62.57.60", "198.199.83.132", "5.9.104.19", "51.250.2.204", "65.21.108.160" ] }, "malicious-packages-origins": [ { "sha256": "8b52e3ebbc9f77499af5305ed66af90a110e8aa4ae801a722309d25dfe72f01a", "import_time": "2023-09-04T09:11:41.80627547Z", "source": "checkmarx", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "SEMVER" } ], "modified_time": "2023-09-01T20:12:58Z" }, { "sha256": "8724f5a0da9db20b6906b87bfbcd335a0296b35e62ff850e34191da3a65505c8", "import_time": "2024-06-28T02:42:37.176348015Z", "versions": [ "1.999.0" ], "id": "RLMA-2024-00701", "source": "reversing-labs", "modified_time": "2024-06-25T12:35:53Z" } ] }