Pulse Detail — Threat Intelligence

PULSE NAME

SL-ADV-2026-WP-001 - JS Malware v1 characteristics

WHITE dispensight 2026-05-21 Modified: 2026-05-21

IOCs

LOW VOLUME

Deep static analysis of V1 loader via two-pass de-obfuscation (robust: 625,548 bytes; aggressive: 661,065 bytes). See comments for the detailed description.

AS202412 obfuscator.io Malware as a Service evasion clickfix geo-targeted anti-analysis

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1027 T1059 T1104 T1189 T1203 T1497 T1614

MALWARE FAMILIES

NodeJS obfuscator.io SL-WP-001v1

Indicators of Compromise (10)

All FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	30395140220edcc8114efa080acd92b6fe6b0edc6ea8c343c0a35230e664c78c	—	2026-05-21
FileHash-SHA256	4f7380a72da2f5f591c5033a014c65a36e3eaf13928ee642546fff406254fbce	—	2026-05-21
URL	http://dnsnewtds.shop/jsrepo.	—	2026-05-21
URL	http://ntdnewtds.shop/jsrepo	—	2026-05-21
domain	dnsnewtds.shop	—	2026-05-21
domain	ntdnewtds.shop	—	2026-05-21
URL	http://dnsnewtds.shop/jsrepo	—	2026-05-21
URL	https://dnsnewtds.shop/teamrepo	—	2026-05-21
URL	https://ntdnewtds.shop/jsrepo	—	2026-05-21
URL	https://ntdnewtds.shop/teamrepo	—	2026-05-21

References (2)

↗ SL-ADV-2026-WP-001-V1-DEEP_STIX2.1.json ↗ https://secureleaf.dispensight.com/sink.html