← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
wormsign — supply-chain: npm:d360-frontend
WHITE w0rmsign 2026-05-30 Modified: 2026-05-30
7
IOCs
LOW VOLUME
Wormsign detonated npm:d360-frontend in a network-sandboxed environment. Observed 7 indicator(s); 6 appear novel against OTX as of submission. The malicious package was published to the npm registry and is included in our open supply-chain indicator feed. Full context, per-IOC tier classification, and the detonation card with MITRE TTPs: https://wormsign.io/portfolio/d360-frontend. TLP:CLEAR — indicators only, no malware samples.
wormsignsupply-chainnpmpackage-compromise
Indicators of Compromise (7)
All URL IPv4
TYPEINDICATORDESCRIPTIONCREATED
URL https://ui.shadcn.com/schema.json observed during wormsign detonation of d360-frontend 2026-05-30
URL https://d360.com/about-us observed during wormsign detonation of d360-frontend 2026-05-30
URL https://d360.com/shariah-committee observed during wormsign detonation of d360-frontend 2026-05-30
URL https://www.visionventures.com/ observed during wormsign detonation of d360-frontend 2026-05-30
IPv4 13.235.50.194 observed during wormsign detonation of d360-frontend 2026-05-30
URL http://13.235.50.194:1337/api observed during wormsign detonation of d360-frontend 2026-05-30
URL https://d360bank.com observed during wormsign detonation of d360-frontend 2026-05-30
References (2)
↗ https://wormsign.io/portfolio/d360-frontend ↗ https://wormsign.io