← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
wormsign — supply-chain: npm:@cloudplatform-single-spa/svp-baas
WHITE w0rmsign 2026-06-03 Modified: 2026-06-03
5
IOCs
LOW VOLUME
Wormsign detonated npm:@cloudplatform-single-spa/svp-baas in a network-sandboxed environment. Observed 5 indicator(s); 5 appear novel against OTX as of submission. The malicious package was published to the npm registry and is included in our open supply-chain indicator feed. Full context, per-IOC tier classification, and the detonation card with MITRE TTPs: https://wormsign.io/portfolio/@cloudplatform-single-spa/svp-baas. Search any IOC across the wormsign corpus: https://wormsign.io/?q=oob.moika.tech TLP:CLEAR — indicators only, no malware samples.
wormsignsupply-chainnpmpackage-compromise
Indicators of Compromise (5)
All hostname URL
TYPEINDICATORDESCRIPTIONCREATED
hostname oob.moika.tech observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-06-03
URL https://docs.cloudplatform-single-spa.io/platform/svp-baas observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-06-03
URL https://jira.cloudplatform-single-spa.io/projects/PLATFORM observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-06-03
URL https://npm.cloudplatform-single-spa.io observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-06-03
URL https://github.cloudplatform-single-spa.io/platform/svp-baas.git observed during wormsign detonation of @cloudplatform-single-spa/svp-baas 2026-06-03
References (2)
↗ https://wormsign.io/portfolio/@cloudplatform-single-spa/svp-baas ↗ https://wormsign.io