← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
TeamPCP has been identified as running a coordinated campaign from March 19 through April 24, with at least seven distinct waves identified. It finds trusted artifacts in developer tool chains, poisons the distribution channel using that project’s own infrastructure, and harvests credentials before the project’s maintainers or security monitoring catches the substitution. The targets span five programming ecosystems and three registry types.
Indicators of Compromise (21)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | d47de3772f2d61a043e7047431ef4cf4 | MD5 of 24680027afadea90c7c713821e214b15cb6c922e67ac01109fb1edb3ee4741d9 | 2026-05-15 | |
| FileHash-MD5 | e1023db24a29ab0229d99764e2c8deba | MD5 of 2a6a35f06118ff7d61bfd36a5788557b695095e7c9a609b4a01956883f146f50 | 2026-05-15 | |
| FileHash-MD5 | fb6b61447ee9f1b86067bd64b1e002b4 | MD5 of 18f784b3bc9a0bcdcb1a8d7f51bc5f54323fc40cbd874119354ab609bef6e4cb | 2026-05-15 | |
| FileHash-SHA1 | 250f3633529457477a9f8fd3db3472e94383606a | SHA1 of 2a6a35f06118ff7d61bfd36a5788557b695095e7c9a609b4a01956883f146f50 | 2026-05-15 | |
| FileHash-SHA1 | 2b12cc5cc91ec483048abcbd6d523cdc9ebae3f3 | SHA1 of 24680027afadea90c7c713821e214b15cb6c922e67ac01109fb1edb3ee4741d9 | 2026-05-15 | |
| FileHash-SHA1 | 5b5d76ae552dc13010b15f41955b6534b16bba12 | SHA1 of 18f784b3bc9a0bcdcb1a8d7f51bc5f54323fc40cbd874119354ab609bef6e4cb | 2026-05-15 | |
| FileHash-SHA1 | b1e4b1f3aad0d489ab0e9208031c67402bbb8480 | — | 2026-05-15 | |
| FileHash-SHA256 | 167ce57ef59a32a6a0ef4137785828077879092d7f83ddbc1755d6e69116e0ad | — | 2026-05-15 | |
| FileHash-SHA256 | 18f784b3bc9a0bcdcb1a8d7f51bc5f54323fc40cbd874119354ab609bef6e4cb | — | 2026-05-15 | |
| FileHash-SHA256 | 24680027afadea90c7c713821e214b15cb6c922e67ac01109fb1edb3ee4741d9 | — | 2026-05-15 | |
| FileHash-SHA256 | 2a6a35f06118ff7d61bfd36a5788557b695095e7c9a609b4a01956883f146f50 | — | 2026-05-15 | |
| FileHash-SHA256 | 8605e365edf11160aad517c7d79a3b26b62290e5072ef97b102a01ddbb343f14 | — | 2026-05-15 | |
| FileHash-SHA256 | d37874c6c8a2d2a7a252810a1999ece8bb39e9b3ab2b7e8bf40da15bd36a1584 | — | 2026-05-15 | |
| IPv4 | 83.142.209.203 | CC=UA ASN=ASNone | 2026-05-15 | |
| IPv4 | 91.195.240.123 | CC=DE ASN=AS47846 sedo | 2026-05-15 | |
| IPv4 | 94.154.172.43 | CC=TR ASN=AS209371 private network | 2026-05-15 | |
| URL | http://audit.checkmarx.cx/v1/telemetry | — | 2026-05-15 | |
| domain | checkmarx.cx | — | 2026-05-15 | |
| domain | checkmarx.zone | — | 2026-05-15 | |
| hostname | audit.checkmarx.cx | — | 2026-05-15 | |
| hostname | igotnofriendsonlineorirl-imgonnakmslmao.skyhanni.cloud | — | 2026-05-15 |