← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Axios Package Hijacked to Execute Remote Access Attacks
WHITE ThreatIntelligence_feed 2026-03-31 Modified: 2026-03-31
24
IOCs
MEDIUM VOLUME
windowsgithub actionslinuxc2 urlhardenrunnerstepsecuritycicdpost bodyvbscriptc2 postmaliciouspowershellverifymacoscopywriteinstalllinux pythonkicspython
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Linux Python KICS Python
Indicators of Compromise (24)
All FileHash-SHA1 IPv4 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 07d889e2dadce6f3910dcbc253317d28ca61c766 2026-03-31
FileHash-SHA1 2553649f2322049666871cea80a5d0d6adc700ca 2026-03-31
FileHash-SHA1 7c29f4cf2ea91ef05018d5aa5399bf23ed3120eb 2026-03-31
FileHash-SHA1 ab1be887a2d37dd9ebc219657704180faf2c4920 2026-03-31
FileHash-SHA1 d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 2026-03-31
IPv4 142.11.206.73 CC=US ASN=AS54290 hostwinds llc. 2026-03-31
URL http://Linuxpackages.npm.org/product2 2026-03-31
URL http://Windowspackages.npm.org/product1 2026-03-31
URL http://macOSpackages.npm.org/product0 2026-03-31
URL http://packages.npm.org/ 2026-03-31
URL http://packages.npm.org/product0 2026-03-31
URL http://packages.npm.org/product1 2026-03-31
URL http://packages.npm.org/product2 2026-03-31
URL http://sfrclak.com:8000 2026-03-31
URL http://sfrclak.com:8000/ 2026-03-31
URL http://sfrclak.com:8000/6202033 2026-03-31
domain package.md 2026-03-31
domain sfrclak.com 2026-03-31
email ifstap@proton.me 2026-03-31
email nrwise@proton.me 2026-03-31
hostname linuxpackages.npm.org 2026-03-31
hostname macospackages.npm.org 2026-03-31
hostname packages.npm.org 2026-03-31
hostname windowspackages.npm.org 2026-03-31
References (1)
↗ https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan