npm Supply Chain Attack Targeting Germany-Based Companies
Tags
country: | Germany |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
Type | Value |
---|---|
UUID | 58fa1bb1-5bb2-48ed-992a-abb37e9793c1 |
Fingerprint | ac230589a937378b |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | May 10, 2022, 4:57 p.m. |
Added to db | Jan. 18, 2023, 9:53 p.m. |
Last updated | Nov. 17, 2024, 5:54 p.m. |
Headline | Npm Supply Chain Attack Targets Germany-based Companies with Dangerous Backdoor Malware |
Title | npm Supply Chain Attack Targeting Germany-Based Companies |
Detected Hints/Tags/Attributes | 51/3/18 |
Source URLs
URL Provider
Attributes
| Type | #Events | CTI | Value |
|---|---|---|---|
| Domain | 2 | | www.pkgio.com |
| Domain | 3 | | pkgio.com |
| Domain | 1 | | cdn.game-note.com |
| Domain | 1 | | game-note.com |
| Domain | 396 | | protonmail.com |
| | 1 | | bertelsmannnpm@protonmail.com |
| | 1 | | boschnodemodules@protonmail.com |
| | 1 | | dbschenkernpm@protonmail.com |
| | 1 | | stihlnodemodules@protonmail.com |
| File | 5 | | 'package.json |
| File | 2 | | dec.js |
| File | 2 | | enc.js |
| File | 7 | | process.pl |
| File | 1 | | atform.inc |
| File | 2 | | confsettingsaaa.js |
| File | 156 | | package.json |
| IPv4 | 1 | | 82.196.7.23 |
| IPv4 | 1 | | 82.196.15.238 |