PULSE NAME
PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks - SentinelOne
WHITE eric.ford 2022-09-01 Modified: 2022-10-01
78
IOCs
HIGH VOLUME
A new threat actor focused on infostealing through a .NET assembly has launched a supply chain attack on the open-source software repository PyPI, according to SentinelLabs and the PyPI Foundation.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
JuiceStealer August JuiceLedger Robux
Indicators of Compromise (9 / 78 total)