wormsign — supply-chain: npm:reactify-utils
WHITE w0rmsign 2026-05-30 Modified: 2026-05-30
Wormsign detonated npm:reactify-utils in a network-sandboxed environment. Observed 6 indicators; 6 appear novel against OTX as of submission. The malicious package was published to the npm registry and is included in our open supply-chain indicator feed. Full context, per-IOC tier classification, and the detonation card with MITRE TTPs: https://wormsign.io/portfolio/reactify-utils. TLP:CLEAR; indicators only, no malware samples.
Indicators of Compromise (6)
TYPE INDICATOR DESCRIPTION CREATED
URL http://proxy.host:3128/ observed during wormsign detonation of reactify-utils 2026-05-30
URL https://www.jsonkeeper.com/b/OR0FN observed during wormsign detonation of reactify-utils 2026-05-30
URL https://reactify-utils.com/ observed during wormsign detonation of reactify-utils 2026-05-30
URL https://reactify-utils.com/about/ observed during wormsign detonation of reactify-utils 2026-05-30
URL https://reactify-utils.com/usage/using-gmail/ observed during wormsign detonation of reactify-utils 2026-05-30
FileHash-SHA256 9fb27c30f484650bb4a39f65a03fbccdc0b9b5f1cb84700ca73ee8893c66e06e observed during wormsign detonation of reactify-utils 2026-05-30