Newly Identified Dependency Confusion Packages Target Amazon, Zillow, and Slack; Go Beyond Just Bug Bounties
Tags
attack-pattern: Data Bash History - T1552.003 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Serverless - T1583.007 Serverless - T1584.007 Software - T1592.002 Bash History - T1139
Show in Graph
Common Information
Type Value
UUID 4f3567a6-fdd6-4f85-a06f-f5adbb7573af
Fingerprint a561305e890f774f
Analysis status DONE
Considered CTI value 0
Text language
Published March 1, 2021, 7 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 11, 2024, 6:26 a.m.
Headline Sonatype Blog
Title Newly Identified Dependency Confusion Packages Target Amazon, Zillow, and Slack; Go Beyond Just Bug Bounties
Detected Hints/Tags/Attributes 48/1/4
Source URLs
Redirection Url
Details Source https://blog.sonatype.com/malicious-dependency-confusion-copycats-exfiltrate-bash-history-and-etc-shadow-files
URL Provider
Details Provider Source level domain
Details sonatype.com blog.sonatype.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
comevil.fun
Details File 156 
package.json
Details File 6 
run.js
Details File 174 
index.js