Pulse name: Who Broke NPM? Malicious Packages Flood Leading to Denial of Service
WHITE | AlienVault | 2023-04-07 | Modified: 2025-01-13
IOCs: 9 (low volume)
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems to be an easy target to perform SEO poisoning for various malicious campaigns. As long as the name is untaken, they can publish an unlimited number of packages.
Indicators of Compromise (9)