← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack | Google Cloud Blog
WHITE Threat Intelligence CyberHunter_NL 2026-04-01 Modified: 2026-05-01
48
IOCs
MEDIUM VOLUME
A North Korea-Nexus threat actor is targeting a popular JavaScript package, which is used by millions of users, to deliver malware on Windows, macOS, Linux and other operating systems, analysis shows.
unc1069iocswaveshapermonitorcompromisewindowsos versionfile systemenumerationreturnsthreat intelligencewaveshaper.v2javascriptapplescriptlinux
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
WAVESHAPER.V2 JavaScript AppleScript Linux WAVESHAPER
Indicators of Compromise (8 / 48 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 04e3073b3cd5c5bfcde6f575ecf6e8c1 MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 2026-04-01
FileHash-MD5 089e2872016f75a5223b5e02c184dfec MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd 2026-04-01
FileHash-MD5 7658962ae060a222c0058cd4e979bfa1 2026-04-01
FileHash-MD5 7a9ddef00f69477b96252ca234fcbeeb MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a 2026-04-01
FileHash-MD5 04e3073b3cd5c5bfcde6f575ecf6e8c1 MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 2026-04-01
FileHash-MD5 089e2872016f75a5223b5e02c184dfec MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd 2026-04-01
FileHash-MD5 7a9ddef00f69477b96252ca234fcbeeb MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a 2026-04-01
FileHash-MD5 8c782b59a786f18520673e8d669e3b0a MD5 of e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff 2026-04-01
References (1)
↗ https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package