Pulse Detail — Threat Intelligence

PULSE NAME

CrowdStrike Falcon Prevents NPM Package Supply Chain Attacks (Shai-Halud)

WHITE Blue-line 2025-09-17 Modified: 2025-09-17

IOCs

MEDIUM VOLUME

CrowdStrike Falcon Prevents NPM Package Supply Chain Attacks (Shai-Halud) These indicators are provided by CrowdStrike. Reference URL provided.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1218 T1134 T1195

MALWARE FAMILIES

Scavenger

Indicators of Compromise (25)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2025-54313	—	2025-09-17
FileHash-MD5	4bf634c80e49e1b7385355ac0cb27a66	MD5 of 32d0dbdfef0e5520ba96a2673244267e204b94a49716ea13bf635fa9af6f66bf	2025-09-17
FileHash-MD5	ed375deea6f7407d2ff9dab1cb326473	MD5 of c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441	2025-09-17
FileHash-MD5	f2b0feb5325a83a58ad6c4c2f1f3d338	MD5 of 5bed39728e404838ecd679df65048abcb443f8c7a9484702a2ded60104b8c4a9	2025-09-17
FileHash-SHA1	5b43d563c509315dec0fca528ac9a73d4447092b	SHA1 of 32d0dbdfef0e5520ba96a2673244267e204b94a49716ea13bf635fa9af6f66bf	2025-09-17
FileHash-SHA1	a2f7e5a15daffa05bdda01bbf2e71736bdc79763	SHA1 of c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441	2025-09-17
FileHash-SHA1	f49b41fb6b5e879d970e49e8e7bcebb566da0fc3	SHA1 of 5bed39728e404838ecd679df65048abcb443f8c7a9484702a2ded60104b8c4a9	2025-09-17
FileHash-SHA256	32d0dbdfef0e5520ba96a2673244267e204b94a49716ea13bf635fa9af6f66bf	—	2025-09-17
FileHash-SHA256	5bed39728e404838ecd679df65048abcb443f8c7a9484702a2ded60104b8c4a9	—	2025-09-17
FileHash-SHA256	c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441	—	2025-09-17
URL	https://dieorsuffer.com/c/k2	—	2025-09-17
URL	https://firebase.su/c/k2	—	2025-09-17
URL	https://smartscreen-api.com/c/k2	—	2025-09-17
domain	dieorsuffer.com	—	2025-09-17
domain	firebase.su	—	2025-09-17
domain	npnjs.com	—	2025-09-17
domain	smartscreen-api.com	—	2025-09-17
URL	http://www.dieorsuffer.com/	—	2025-09-17
URL	http://kamrlx7bc5bg.dieorsuffer.com/	—	2025-09-17
URL	https://dieorsuffer.com/redirect	—	2025-09-17
URL	https://npnjs.com/login	—	2025-09-17
URL	https://www.firebase.su/	—	2025-09-17
URL	https://firebase.su/redirect	—	2025-09-17
URL	http://www.firebase.su/	—	2025-09-17
URL	https://www.dieorsuffer.com/	—	2025-09-17

References (1)

↗ https://www.crowdstrike.com/en-us/blog/crowdstrike-falcon-prevents-npm-package-supply-chain-attacks/