← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
wormsign — supply-chain: npm:@cloudplatform-single-spa/svp-baas
WHITE w0rmsign 2026-05-30 Modified: 2026-05-30
6
IOCs
LOW VOLUME
Wormsign detonated npm:@cloudplatform-single-spa/svp-baas in a network-sandboxed environment. Observed 6 indicator(s); 6 appear novel against OTX as of submission. The malicious package was published to the npm registry and is included in our open supply-chain indicator feed. Full context, per-IOC tier classification, and the detonation card with MITRE TTPs: https://wormsign.io/portfolio/@cloudplatform-single-spa/svp-baas. TLP:CLEAR — indicators only, no malware samples.
wormsignsupply-chainnpmpackage-compromise
Indicators of Compromise (6)
All hostname URL FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
hostname oob.moika.tech observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-05-30
URL https://docs.cloudplatform-single-spa.io/platform/svp-baas observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-05-30
URL https://jira.cloudplatform-single-spa.io/projects/PLATFORM observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-05-30
URL https://npm.cloudplatform-single-spa.io observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-05-30
URL https://github.cloudplatform-single-spa.io/platform/svp-baas.git observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-05-30
FileHash-SHA256 730591668a5781c6752386635872b7750c3a64cfc3d7fccbbc9adf2f3f9dfefb observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-05-30
References (2)
↗ https://wormsign.io/portfolio/@cloudplatform-single-spa/svp-baas ↗ https://wormsign.io