← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious Axios Packages Published to npm in New Supply Chain Compromise
A recent supply chain compromise has been identified affecting the widely utilized JavaScript HTTP client axios, wherein malicious versions of the package were published to npm using compromised maintainer credentials. The exploitation involves the deployment of a Remote Access Trojan (RAT) through a fabricated dependency labeled plain-crypto-js@4.2.1. Notably, this dependency is not directly imported by axios, functioning instead as a dropper that executes a postinstall script upon installation.
MITRE ATT&CK & Malware Families
Indicators of Compromise (264)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 21d2470cae072cf2d027d473d168158c | MD5 of 2553649f2322049666871cea80a5d0d6adc700ca | 2026-04-02 | |
| FileHash-MD5 | db7f4c82c732e8b107492cae419740ab | MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA1 | 07d889e2dadce6f3910dcbc253317d28ca61c766 | — | 2026-04-02 | |
| FileHash-SHA1 | 2553649f2322049666871cea80a5d0d6adc700ca | — | 2026-04-02 | |
| FileHash-SHA1 | d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | — | 2026-04-02 | |
| FileHash-SHA256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | SHA256 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA256 | 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd | SHA256 of 2553649f2322049666871cea80a5d0d6adc700ca | 2026-04-02 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-02 | |
| URL | http://Linuxpackages.npm.org/product2 | — | 2026-04-02 | |
| URL | http://Windowspackages.npm.org/product1 | — | 2026-04-02 | |
| URL | http://macOSpackages.npm.org/product0 | — | 2026-04-02 | |
| URL | http://sfrclak.com:8000/6202033 | — | 2026-04-02 | |
| domain | domainsfrclak.com | — | 2026-04-02 | |
| domain | sfrclak.com | — | 2026-04-02 | |
| ifstap@proton.me | — | 2026-04-02 | ||
| nrwise@proton.me | — | 2026-04-02 | ||
| hostname | linuxpackages.npm.org | — | 2026-04-02 | |
| hostname | macospackages.npm.org | — | 2026-04-02 | |
| hostname | windowspackages.npm.org | — | 2026-04-02 | |
| CIDR | 142.11.192.0/18 | — | 2026-04-02 | |
| FileHash-MD5 | 04e3073b3cd5c5bfcde6f575ecf6e8c1 | MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-02 | |
| FileHash-MD5 | 089e2872016f75a5223b5e02c184dfec | MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | 2026-04-02 | |
| FileHash-MD5 | 7658962ae060a222c0058cd4e979bfa1 | MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-02 | |
| FileHash-MD5 | 7a9ddef00f69477b96252ca234fcbeeb | MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-02 | |
| FileHash-MD5 | db7f4c82c732e8b107492cae419740ab | MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA1 | 07d889e2dadce6f3910dcbc253317d28ca61c766 | — | 2026-04-02 | |
| FileHash-SHA1 | 13ab317c5dcab9af2d1bdb22118b9f09f8a4038e | SHA1 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-02 | |
| FileHash-SHA1 | 55554944c848257813983360905d7ad0f7e5e3f5 | — | 2026-04-02 | |
| FileHash-SHA1 | 978407431d75885228e0776913543992a9eb7cc4 | SHA1 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | 2026-04-02 | |
| FileHash-SHA1 | a90c26e7cbb3440ac1cad75cf351cbedef7744a8 | SHA1 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-02 | |
| FileHash-SHA1 | b0e0f12f1be57dc67fa375e860cedd19553c464d | SHA1 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-02 | |
| FileHash-SHA1 | d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | — | 2026-04-02 | |
| FileHash-SHA256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | SHA256 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA256 | 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | — | 2026-04-02 | |
| FileHash-SHA256 | 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | — | 2026-04-02 | |
| FileHash-SHA256 | e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | — | 2026-04-02 | |
| FileHash-SHA256 | f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | — | 2026-04-02 | |
| FileHash-SHA256 | fcb81618bb15edfdedfb638b4c08a2af9cac9ecba551af135a8402bf980375cf | — | 2026-04-02 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-02 | |
| URL | http://packages.npm.org/product0 | — | 2026-04-02 | |
| URL | http://packages.npm.org/product1' | — | 2026-04-02 | |
| URL | http://sfrclak.com:8000 | — | 2026-04-02 | |
| URL | http://sfrclak.com:8000/ | — | 2026-04-02 | |
| URL | http://sfrclak.com:8000/6202033 | — | 2026-04-02 | |
| domain | package.md | — | 2026-04-02 | |
| domain | sfrclak.com | — | 2026-04-02 | |
| hostname | packages.npm.org | — | 2026-04-02 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-02 | |
| URL | http://packages.npm.org/product0 | — | 2026-04-02 | |
| URL | http://packages.npm.org/product1 | — | 2026-04-02 | |
| URL | http://packages.npm.org/product2 | — | 2026-04-02 | |
| URL | http://sfrclak.com:8000 | — | 2026-04-02 | |
| URL | http://sfrclak.com:8000/ | — | 2026-04-02 | |
| URL | http://sfrclak.com:8000/6202033 | — | 2026-04-02 | |
| domain | package.md | — | 2026-04-02 | |
| domain | sfrclak.com | — | 2026-04-02 | |
| nrwise@proton.me | — | 2026-04-02 | ||
| hostname | packages.npm.org | — | 2026-04-02 | |
| IPv4 | 23.254.167.216 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-02 | |
| FileHash-MD5 | 04e3073b3cd5c5bfcde6f575ecf6e8c1 | MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-02 | |
| FileHash-MD5 | 089e2872016f75a5223b5e02c184dfec | MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | 2026-04-02 | |
| FileHash-MD5 | 7658962ae060a222c0058cd4e979bfa1 | MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-02 | |
| FileHash-MD5 | 7a9ddef00f69477b96252ca234fcbeeb | MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-02 | |
| FileHash-MD5 | 90e8e227ba8bef0ea7e0212b5b1e0d4c | MD5 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | 2026-04-02 | |
| FileHash-MD5 | 9663665850cdd8fe12e30a671e5c4e6f | MD5 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | 2026-04-02 | |
| FileHash-MD5 | db7f4c82c732e8b107492cae419740ab | MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA1 | 07d889e2dadce6f3910dcbc253317d28ca61c766 | — | 2026-04-02 | |
| FileHash-SHA1 | 13ab317c5dcab9af2d1bdb22118b9f09f8a4038e | SHA1 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-02 | |
| FileHash-SHA1 | 59faac136680104948e083b3b67a70af9bfa5d5e | SHA1 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | 2026-04-02 | |
| FileHash-SHA1 | 978407431d75885228e0776913543992a9eb7cc4 | SHA1 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | 2026-04-02 | |
| FileHash-SHA1 | a90c26e7cbb3440ac1cad75cf351cbedef7744a8 | SHA1 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-02 | |
| FileHash-SHA1 | b0e0f12f1be57dc67fa375e860cedd19553c464d | SHA1 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-02 | |
| FileHash-SHA1 | d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | — | 2026-04-02 | |
| FileHash-SHA1 | dbd62d788ce8dcaa96116a73f70ee24813d59428 | SHA1 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | 2026-04-02 | |
| FileHash-SHA256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | SHA256 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA256 | 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | — | 2026-04-02 | |
| FileHash-SHA256 | 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | — | 2026-04-02 | |
| FileHash-SHA256 | e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | — | 2026-04-02 | |
| FileHash-SHA256 | ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | — | 2026-04-02 | |
| FileHash-SHA256 | f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | — | 2026-04-02 | |
| FileHash-SHA256 | fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | — | 2026-04-02 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-02 | |
| URL | http://sfrclak.com:8000/6202033 | — | 2026-04-02 | |
| domain | sfrclak.com | — | 2026-04-02 | |
| FileHash-MD5 | 21d2470cae072cf2d027d473d168158c | MD5 of 2553649f2322049666871cea80a5d0d6adc700ca | 2026-04-02 | |
| FileHash-MD5 | db7f4c82c732e8b107492cae419740ab | MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA1 | 07d889e2dadce6f3910dcbc253317d28ca61c766 | — | 2026-04-02 | |
| FileHash-SHA1 | 2553649f2322049666871cea80a5d0d6adc700ca | — | 2026-04-02 | |
| FileHash-SHA1 | d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | — | 2026-04-02 | |
| FileHash-SHA256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | SHA256 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA256 | 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd | SHA256 of 2553649f2322049666871cea80a5d0d6adc700ca | 2026-04-02 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-02 | |
| domain | sfrclak.com | — | 2026-04-02 | |
| FileHash-MD5 | 7658962ae060a222c0058cd4e979bfa1 | MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-02 | |
| FileHash-MD5 | 7a9ddef00f69477b96252ca234fcbeeb | MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-02 | |
| FileHash-MD5 | 8c782b59a786f18520673e8d669e3b0a | MD5 of e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff | 2026-04-02 | |
| FileHash-MD5 | 90e8e227ba8bef0ea7e0212b5b1e0d4c | MD5 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | 2026-04-02 | |
| FileHash-MD5 | db7f4c82c732e8b107492cae419740ab | MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA1 | 07d889e2dadce6f3910dcbc253317d28ca61c766 | — | 2026-04-02 | |
| FileHash-SHA1 | 13ab317c5dcab9af2d1bdb22118b9f09f8a4038e | SHA1 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-02 | |
| FileHash-SHA1 | ae39c4c550ad656622736134035f17ca7a66a742 | SHA1 of e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff | 2026-04-02 | |
| FileHash-SHA1 | b0e0f12f1be57dc67fa375e860cedd19553c464d | SHA1 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-02 | |
| FileHash-SHA1 | d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | — | 2026-04-02 | |
| FileHash-SHA1 | dbd62d788ce8dcaa96116a73f70ee24813d59428 | SHA1 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | 2026-04-02 | |
| FileHash-SHA256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | SHA256 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-02 | |
| FileHash-SHA256 | 6483c004e207137385f480909d6edecf1b699087378aa91745ecba7c3394f9d7 | — | 2026-04-02 | |
| FileHash-SHA256 | 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | — | 2026-04-02 | |
| FileHash-SHA256 | e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | — | 2026-04-02 | |
| FileHash-SHA256 | e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff | — | 2026-04-02 | |
| FileHash-SHA256 | ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | — | 2026-04-02 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-02 | |
| URL | http://packages.npm.org/product0 | — | 2026-04-02 | |
| URL | http://packages.npm.org/product1 | — | 2026-04-02 | |
| URL | http://packages.npm.org/product1' | — | 2026-04-02 | |
| URL | http://packages.npm.org/product2 | — | 2026-04-02 | |
| URL | http://sfrclak.com:8000/6202033 | — | 2026-04-02 | |
| domain | process.name | — | 2026-04-02 | |
| domain | sfrclak.com | — | 2026-04-02 | |
| hostname | packages.npm.org | — | 2026-04-02 | |
| hostname | process.parent.name | — | 2026-04-02 | |
| IPv4 | 23.254.167.216 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| IPv4 | 23.254.203.244 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| CVE | CVE-2026-20929 | — | 2026-04-04 | |
| FileHash-SHA256 | c373706b3456c36e8baa0a3ee5aed358c1fe07cba04f65790c90f029971e378a | — | 2026-04-04 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| domain | sfrclak.com | — | 2026-04-04 | |
| IPv4 | 23.254.167.216 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| FileHash-MD5 | 04e3073b3cd5c5bfcde6f575ecf6e8c1 | MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-04 | |
| FileHash-MD5 | 089e2872016f75a5223b5e02c184dfec | MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | 2026-04-04 | |
| FileHash-MD5 | 21d2470cae072cf2d027d473d168158c | MD5 of 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd | 2026-04-04 | |
| FileHash-MD5 | 7658962ae060a222c0058cd4e979bfa1 | MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-04 | |
| FileHash-MD5 | 7a9ddef00f69477b96252ca234fcbeeb | MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-04 | |
| FileHash-MD5 | 8c782b59a786f18520673e8d669e3b0a | MD5 of e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff | 2026-04-04 | |
| FileHash-MD5 | 90e8e227ba8bef0ea7e0212b5b1e0d4c | MD5 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | 2026-04-04 | |
| FileHash-MD5 | 9663665850cdd8fe12e30a671e5c4e6f | MD5 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | 2026-04-04 | |
| FileHash-MD5 | db7f4c82c732e8b107492cae419740ab | MD5 of 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | 2026-04-04 | |
| FileHash-MD5 | e56bafda15a624b60ac967111d227bf8 | MD5 of 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f | 2026-04-04 | |
| FileHash-SHA1 | 07d889e2dadce6f3910dcbc253317d28ca61c766 | SHA1 of 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | 2026-04-04 | |
| FileHash-SHA1 | 13ab317c5dcab9af2d1bdb22118b9f09f8a4038e | SHA1 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-04 | |
| FileHash-SHA1 | 2553649f2322049666871cea80a5d0d6adc700ca | SHA1 of 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd | 2026-04-04 | |
| FileHash-SHA1 | 59faac136680104948e083b3b67a70af9bfa5d5e | SHA1 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | 2026-04-04 | |
| FileHash-SHA1 | 978407431d75885228e0776913543992a9eb7cc4 | SHA1 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | 2026-04-04 | |
| FileHash-SHA1 | a90c26e7cbb3440ac1cad75cf351cbedef7744a8 | SHA1 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-04 | |
| FileHash-SHA1 | ae39c4c550ad656622736134035f17ca7a66a742 | SHA1 of e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff | 2026-04-04 | |
| FileHash-SHA1 | b0e0f12f1be57dc67fa375e860cedd19553c464d | SHA1 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-04 | |
| FileHash-SHA1 | d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | SHA1 of 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f | 2026-04-04 | |
| FileHash-SHA1 | dbd62d788ce8dcaa96116a73f70ee24813d59428 | SHA1 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | 2026-04-04 | |
| FileHash-SHA256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | — | 2026-04-04 | |
| FileHash-SHA256 | 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f | — | 2026-04-04 | |
| FileHash-SHA256 | 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd | — | 2026-04-04 | |
| FileHash-SHA256 | 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | — | 2026-04-04 | |
| FileHash-SHA256 | 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | — | 2026-04-04 | |
| FileHash-SHA256 | e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | — | 2026-04-04 | |
| FileHash-SHA256 | e49c2732fb9861548208a78e72996b9c3c470b6b562576924bcc3a9fb75bf9ff | — | 2026-04-04 | |
| FileHash-SHA256 | ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | — | 2026-04-04 | |
| FileHash-SHA256 | f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | — | 2026-04-04 | |
| FileHash-SHA256 | fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | — | 2026-04-04 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| URL | http://sfrclak.com:8000/6202033 | — | 2026-04-04 | |
| URL | https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan#code-repositories | — | 2026-04-04 | |
| domain | callnrwise.com | — | 2026-04-04 | |
| domain | calltan.com | — | 2026-04-04 | |
| domain | sfrclak.com | — | 2026-04-04 | |
| hostname | www.stepsecurity.io | — | 2026-04-04 | |
| IPv4 | 108.174.194.44 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| IPv4 | 23.254.167.216 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| CIDR | 142.11.192.0/18 | — | 2026-04-04 | |
| FileHash-MD5 | 04e3073b3cd5c5bfcde6f575ecf6e8c1 | MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-04 | |
| FileHash-MD5 | 089e2872016f75a5223b5e02c184dfec | MD5 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | 2026-04-04 | |
| FileHash-MD5 | 7658962ae060a222c0058cd4e979bfa1 | MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-04 | |
| FileHash-MD5 | 9663665850cdd8fe12e30a671e5c4e6f | MD5 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | 2026-04-04 | |
| FileHash-MD5 | db7f4c82c732e8b107492cae419740ab | MD5 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-04 | |
| FileHash-MD5 | e56bafda15a624b60ac967111d227bf8 | MD5 of d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | 2026-04-04 | |
| FileHash-SHA1 | 07d889e2dadce6f3910dcbc253317d28ca61c766 | — | 2026-04-04 | |
| FileHash-SHA1 | 59faac136680104948e083b3b67a70af9bfa5d5e | SHA1 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | 2026-04-04 | |
| FileHash-SHA1 | 7c29f4cf2ea91ef05018d5aa5399bf23ed3120eb | — | 2026-04-04 | |
| FileHash-SHA1 | 978407431d75885228e0776913543992a9eb7cc4 | SHA1 of f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | 2026-04-04 | |
| FileHash-SHA1 | a90c26e7cbb3440ac1cad75cf351cbedef7744a8 | SHA1 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-04 | |
| FileHash-SHA1 | b0e0f12f1be57dc67fa375e860cedd19553c464d | SHA1 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-04 | |
| FileHash-SHA1 | d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | — | 2026-04-04 | |
| FileHash-SHA256 | 506690fcbd10fbe6f2b85b49a1fffa9d984c376c25ef6b73f764f670e932cab4 | — | 2026-04-04 | |
| FileHash-SHA256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | SHA256 of 07d889e2dadce6f3910dcbc253317d28ca61c766 | 2026-04-04 | |
| FileHash-SHA256 | 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f | SHA256 of d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | 2026-04-04 | |
| FileHash-SHA256 | 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | — | 2026-04-04 | |
| FileHash-SHA256 | e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | — | 2026-04-04 | |
| FileHash-SHA256 | e1f6b7f621a391a9d26e9a196974f3e2cc1ce8b4d8f73a14b2e8cb0f2a40289f | — | 2026-04-04 | |
| FileHash-SHA256 | f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | — | 2026-04-04 | |
| FileHash-SHA256 | fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | — | 2026-04-04 | |
| IPv4 | 108.174.194.196 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| URL | http://packages.npm.org/product1 | — | 2026-04-04 | |
| URL | http://packages.npm.org/product2 | — | 2026-04-04 | |
| URL | http://sfrclak.com:8000 | — | 2026-04-04 | |
| URL | http://sfrclak.com:8000/ | — | 2026-04-04 | |
| URL | http://sfrclak.com:8000/6202033 | — | 2026-04-04 | |
| domain | package.md | — | 2026-04-04 | |
| domain | sfrclak.com | — | 2026-04-04 | |
| domain | subprocess.run | — | 2026-04-04 | |
| ifstap@proton.me | — | 2026-04-04 | ||
| nrwise@proton.me | — | 2026-04-04 | ||
| hostname | packages.npm.org | — | 2026-04-04 | |
| FileHash-MD5 | 04e3073b3cd5c5bfcde6f575ecf6e8c1 | — | 2026-04-04 | |
| FileHash-MD5 | 089e2872016f75a5223b5e02c184dfec | — | 2026-04-04 | |
| FileHash-MD5 | 1b8615b9732833b4dd0a3e82326982fa | — | 2026-04-04 | |
| FileHash-MD5 | 21d2470cae072cf2d027d473d168158c | — | 2026-04-04 | |
| FileHash-MD5 | 2e3a4412a7a487b32c5715167c755d08 | — | 2026-04-04 | |
| FileHash-MD5 | 52f3311ceb5495796e9bed22302d79bc | — | 2026-04-04 | |
| FileHash-MD5 | 759e597c3cc23c04cd39301bd93fc79f | — | 2026-04-04 | |
| FileHash-MD5 | 7658962ae060a222c0058cd4e979bfa1 | — | 2026-04-04 | |
| FileHash-MD5 | 7a9ddef00f69477b96252ca234fcbeeb | — | 2026-04-04 | |
| FileHash-MD5 | 7cac57b2d328bd814009772dd1eda429 | — | 2026-04-04 | |
| FileHash-MD5 | 85ed77a21b88cae721f369fa6b7bbba3 | — | 2026-04-04 | |
| FileHash-MD5 | 9663665850cdd8fe12e30a671e5c4e6f | — | 2026-04-04 | |
| FileHash-MD5 | cde4951bee7e28ac8a29d33d34a41ae5 | — | 2026-04-04 | |
| FileHash-MD5 | db7f4c82c732e8b107492cae419740ab | — | 2026-04-04 | |
| FileHash-MD5 | e56bafda15a624b60ac967111d227bf8 | — | 2026-04-04 | |
| FileHash-MD5 | f5560871f6002982a6a2cc0b3ee739f7 | — | 2026-04-04 | |
| FileHash-SHA1 | 07d889e2dadce6f3910dcbc253317d28ca61c766 | SHA1 of db7f4c82c732e8b107492cae419740ab | 2026-04-04 | |
| FileHash-SHA1 | 13ab317c5dcab9af2d1bdb22118b9f09f8a4038e | SHA1 of 7a9ddef00f69477b96252ca234fcbeeb | 2026-04-04 | |
| FileHash-SHA1 | 2553649f2322049666871cea80a5d0d6adc700ca | SHA1 of 21d2470cae072cf2d027d473d168158c | 2026-04-04 | |
| FileHash-SHA1 | 2d94efc6d49e05b314a9da55804f6a0d57154b18 | SHA1 of cde4951bee7e28ac8a29d33d34a41ae5 | 2026-04-04 | |
| FileHash-SHA1 | 3fcc7360a2738ad2656e17c7d4ed3e651ff7d73a | SHA1 of 2e3a4412a7a487b32c5715167c755d08 | 2026-04-04 | |
| FileHash-SHA1 | 59faac136680104948e083b3b67a70af9bfa5d5e | SHA1 of 9663665850cdd8fe12e30a671e5c4e6f | 2026-04-04 | |
| FileHash-SHA1 | 978407431d75885228e0776913543992a9eb7cc4 | SHA1 of 089e2872016f75a5223b5e02c184dfec | 2026-04-04 | |
| FileHash-SHA1 | 9e7587b990ae57319a6afedeba3b8873f6238206 | SHA1 of f5560871f6002982a6a2cc0b3ee739f7 | 2026-04-04 | |
| FileHash-SHA1 | a90c26e7cbb3440ac1cad75cf351cbedef7744a8 | SHA1 of 04e3073b3cd5c5bfcde6f575ecf6e8c1 | 2026-04-04 | |
| FileHash-SHA1 | b0e0f12f1be57dc67fa375e860cedd19553c464d | SHA1 of 7658962ae060a222c0058cd4e979bfa1 | 2026-04-04 | |
| FileHash-SHA1 | b20aa5b6c1f01117993287edad462cc49f588b39 | SHA1 of 85ed77a21b88cae721f369fa6b7bbba3 | 2026-04-04 | |
| FileHash-SHA1 | cf774c2cd184a1e940d0ddcaadda55e3a6310470 | SHA1 of 7cac57b2d328bd814009772dd1eda429 | 2026-04-04 | |
| FileHash-SHA1 | d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 | SHA1 of e56bafda15a624b60ac967111d227bf8 | 2026-04-04 | |
| FileHash-SHA256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | SHA256 of db7f4c82c732e8b107492cae419740ab | 2026-04-04 | |
| FileHash-SHA256 | 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f | SHA256 of e56bafda15a624b60ac967111d227bf8 | 2026-04-04 | |
| FileHash-SHA256 | 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd | SHA256 of 21d2470cae072cf2d027d473d168158c | 2026-04-04 | |
| FileHash-SHA256 | 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | SHA256 of 04e3073b3cd5c5bfcde6f575ecf6e8c1 | 2026-04-04 | |
| FileHash-SHA256 | 71e35aef03099cd1f2d6446734273025a163597de93912df321ef118bf135238 | SHA256 of cde4951bee7e28ac8a29d33d34a41ae5 | 2026-04-04 | |
| FileHash-SHA256 | 8a2a05fd8bdc329c8a86d2d08229d167500c01ecad06e40477c49fb0096efdea | SHA256 of 85ed77a21b88cae721f369fa6b7bbba3 | 2026-04-04 | |
| FileHash-SHA256 | 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | SHA256 of 7a9ddef00f69477b96252ca234fcbeeb | 2026-04-04 | |
| FileHash-SHA256 | a0d229be8efcb2f9135e2ad55ba275b76ddcfeb55fa4370e0a522a5bdee0120b | SHA256 of f5560871f6002982a6a2cc0b3ee739f7 | 2026-04-04 | |
| FileHash-SHA256 | d2a0d5f564628773b6af7b9c11f6b86531a875bd2d186d7081ab62748a800ebb | SHA256 of 2e3a4412a7a487b32c5715167c755d08 | 2026-04-04 | |
| FileHash-SHA256 | d6fc0ff06978742a2ef789304bcdbe69a731693ad066a457db0878279830d6a9 | SHA256 of 7cac57b2d328bd814009772dd1eda429 | 2026-04-04 | |
| FileHash-SHA256 | e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | SHA256 of 7658962ae060a222c0058cd4e979bfa1 | 2026-04-04 | |
| FileHash-SHA256 | f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd | SHA256 of 089e2872016f75a5223b5e02c184dfec | 2026-04-04 | |
| FileHash-SHA256 | fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | SHA256 of 9663665850cdd8fe12e30a671e5c4e6f | 2026-04-04 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 | |
| domain | checkmarx.zone | — | 2026-04-04 | |
| domain | sfrclak.com | — | 2026-04-04 | |
| hostname | models.litellm.cloud | — | 2026-04-04 | |
| CVE | CVE-2026-20127 | — | 2026-04-04 | |
| FileHash-MD5 | 04e3073b3cd5c5bfcde6f575ecf6e8c1 | MD5 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-04 | |
| FileHash-MD5 | 7658962ae060a222c0058cd4e979bfa1 | MD5 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-04 | |
| FileHash-MD5 | 7a9ddef00f69477b96252ca234fcbeeb | MD5 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-04 | |
| FileHash-MD5 | 90e8e227ba8bef0ea7e0212b5b1e0d4c | MD5 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | 2026-04-04 | |
| FileHash-MD5 | 9663665850cdd8fe12e30a671e5c4e6f | MD5 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | 2026-04-04 | |
| FileHash-SHA1 | 13ab317c5dcab9af2d1bdb22118b9f09f8a4038e | SHA1 of 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | 2026-04-04 | |
| FileHash-SHA1 | 59faac136680104948e083b3b67a70af9bfa5d5e | SHA1 of fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | 2026-04-04 | |
| FileHash-SHA1 | a90c26e7cbb3440ac1cad75cf351cbedef7744a8 | SHA1 of 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | 2026-04-04 | |
| FileHash-SHA1 | b0e0f12f1be57dc67fa375e860cedd19553c464d | SHA1 of e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | 2026-04-04 | |
| FileHash-SHA1 | dbd62d788ce8dcaa96116a73f70ee24813d59428 | SHA1 of ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | 2026-04-04 | |
| FileHash-SHA256 | 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | — | 2026-04-04 | |
| FileHash-SHA256 | 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | — | 2026-04-04 | |
| FileHash-SHA256 | e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | — | 2026-04-04 | |
| FileHash-SHA256 | ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | — | 2026-04-04 | |
| FileHash-SHA256 | fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | — | 2026-04-04 | |
| IPv4 | 142.11.206.73 | CC=US ASN=AS54290 hostwinds llc. | 2026-04-04 |
References (12)
↗ https://www.truesec.com/hub/blog/malicious-axios-packages-npm-in-supply-chain-compromise
↗ https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
↗ https://www.derp.ca/research/axios-npm-supply-chain-rat/
↗ https://socket.dev/blog/axios-npm-package-compromised
↗ https://socradar.io/blog/axios-npm-supply-chain-attack-2026-ciso-guide/
↗ https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust
↗ https://www.elastic.co/security-labs/axios-supply-chain-compromise-detections
↗ https://www.crowdstrike.com/en-us/blog/stardust-chollima-likely-compromises-axios-npm-package/
↗ https://blog.nviso.eu/2026/04/03/the-axios-npm-supply-chain-incident-fake-dependency-real-backdoor/
↗ https://hunt.io/blog/axios-supply-chain-attack-ta444-bluenoroff
↗ https://www.zscaler.com/blogs/security-research/supply-chain-attacks-surge-march-2026
↗ https://blog.talosintelligence.com/axois-npm-supply-chain-incident/