Malicious PyPI and npm Packages Exploit Dependencies in Supply Chain Attacks
A malicious PyPI package named termncolor was discovered that introduces
persistence and remote code execution through its dependency, colorinal. termncolor had
355 downloads and colorinal had 529 before both were removed.
Indicators of Compromise (13)