← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Popular Development Framework Neutralinojs Compromised In DPRK Attack
WHITE PetrP.73 2026-04-02 Modified: 2026-04-02
6
IOCs
LOW VOLUME
The Neutralinojs framework was compromised by North Korean (DPRK) threat actors in March 2026 through a sophisticated attack employing stolen GitHub credentials. This breach involved the force-pushing of malicious commits across four separate repositories, which were designed to blend in with the legitimate code history by backdating the timestamps of the commits between 5 to 35 days. This tactic allowed the malicious code to go undetected for approximately three days after its deployment
malwarenpm securitypackage securityopen source securitythreat intelligencevulnerability reportingdprk attackblockchain c2addresses tronlayer
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (6)
All FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 6c19a3106b6f6f2725c530e37bfac7f99c2cc82b 2026-04-02
FileHash-SHA1 720c0e39c02184952d24fb5dabe19d8d83c89f53 2026-04-02
FileHash-SHA1 90665b4bed716c05e75ec181ddf7af9345fa1591 2026-04-02
FileHash-SHA1 d62abe0288901ba91fe7782094342d4ade2492ce 2026-04-02
FileHash-SHA256 904afe0337fbbd79def403b3204f75b4c5fbe4e2271252d22c0307f9cbd14646 2026-04-02
FileHash-SHA256 a507b74b6b1e25444c586bc67ae0244cba3037f2b39f25f7eb507ded97c373c1 2026-04-02
References (1)
↗ https://opensourcemalware.com/blog/neutralinojs-compromise