← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious PyPI and npm Packages Exploits Dependencies in Supply Chain Attacks
A malicious PyPI package named termncolor was discovered which introduces
persistence and remote code execution via its dependency colorinal.
Indicators of Compromise (13)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | d4687158da8a5a604baae2208467480f | MD5 of af46c7917f04a9039eb0b439a7615ec07b7ad88048cb24fe23c454c16dffcd57 | 2025-08-18 | |
| FileHash-SHA1 | eaf634c72b2169f15c85fe004a06b3c646d08cc9 | SHA1 of af46c7917f04a9039eb0b439a7615ec07b7ad88048cb24fe23c454c16dffcd57 | 2025-08-18 | |
| FileHash-SHA256 | af46c7917f04a9039eb0b439a7615ec07b7ad88048cb24fe23c454c16dffcd57 | — | 2025-08-18 | |
| URL | http://144.172.112.106:1224/client/5346/64 | — | 2025-08-18 | |
| URL | http://144.172.112.106:1224/pdown | — | 2025-08-18 | |
| URL | http://172.86.64.67/api/service/makelog | — | 2025-08-18 | |
| URL | http://172.86.64.67/api/service/process/ | — | 2025-08-18 | |
| URL | http://172.86.64.67:4181 | — | 2025-08-18 | |
| URL | http://172.86.64.67:4186/upload | — | 2025-08-18 | |
| URL | http://172.86.64.67:4187/upload | — | 2025-08-18 | |
| URL | http://172.86.64.67:4188/upload | — | 2025-08-18 | |
| URL | https://api.npoint.io/96979650f5739bcbaebb | — | 2025-08-18 | |
| hostname | api.npoint.io | — | 2025-08-18 |