← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Sophisticated, Highly-Targeted Attacks Continue to Plague npm
WHITE CyberHunter_NL 2023-08-15 Modified: 2023-09-14
14
IOCs
MEDIUM VOLUME
Phylum, a software risk detection platform, has detected a series of highly-targeted attacks on the npm website, targeting the platform’s main operating system, and the software itself.
researchphylumaugustjune attackas16509 httpdaterustdeskc2 serverguidjavascriptjunefirst
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (14)
All URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://ns1.dyna-ns.net/ 2023-08-15
URL http://ns2.dyna-ns.net/ 2023-08-15
URL https://ql.rustdesk.net 2023-08-15
URL https://ql.rustdesk.net/api/index 2023-08-15
URL https://rustdesk.com 2023-08-15
domain axios.post 2023-08-15
domain decipher.final 2023-08-15
domain response.data 2023-08-15
domain rustdesk.com 2023-08-15
domain rustdesk.net 2023-08-15
hostname array.prototype.slice.call 2023-08-15
hostname ns1.dyna-ns.net 2023-08-15
hostname ns2.dyna-ns.net 2023-08-15
hostname ql.rustdesk.net 2023-08-15
References (1)
↗ https://blog.phylum.io/sophisticated-highly-targeted-attacks-continue-to-plague-npm/