Pulse Detail — Threat Intelligence

PULSE NAME

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks - SentinelOne

WHITE eric.ford 2022-09-01 Modified: 2022-10-01

IOCs

HIGH VOLUME

A new threat actor focused on infostealing through a.NET assembly has launched a supply chain attack on open-source software PyPI, according to SentinelLabs and the PyPi Foundation.

actor/juiceledger malware/juicestealer

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1547 T1176 T1566 T1553 T1036 T1496 T1195

MALWARE FAMILIES

JuiceStealer August JuiceLedger Robux

Indicators of Compromise (1 / 78 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://rblxdem.com/brace.hta	—	2022-09-01

References (1)

↗ https://www.sentinelone.com/labs/pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks/