Fake Puppeteer Packages Contain Malware
Tags
country: Russia
attack-pattern: Botnet - T1583.005 Botnet - T1584.005 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Connection Proxy - T1090
Show in Graph
Common Information
Type Value
UUID 5bd33632-97b1-4f19-888e-9d464b5f35a8
Fingerprint ee001a09a82d2300
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 31, 2024, midnight
Added to db Oct. 31, 2024, 7:51 a.m.
Last updated Nov. 12, 2024, 7:58 a.m.
Headline Typosquat Campaign Targeting Puppeteer Users
Title Fake Puppeteer Packages Contain Malware
Detected Hints/Tags/Attributes 33/2/12
Source URLs
Redirection Url
Details Source https://blog.phylum.io/supply-chain-security-typosquat-campaign-targeting-puppeteer-users/
Details Source https://malware.news/t/typosquat-campaign-targeting-puppeteer-users/87989
URL Provider
Details Provider Source level domain
Details malware.news malware.news
Details phylum.io blog.phylum.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 46 Phylum https://blog.phylum.io/rss/ 2024-08-30 22:08
Details 158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 156 
package.json
Details File 1 
clzypp8j.js
Details File 6 
ethers.js
Details File 10 
os.pl
Details File 6 
node-win.exe
Details File 7 
os.tmp
Details File 6 
fs.chm
Details sha1 3 
7ac12ba9822df1f6652fd3dd67f61e026719a76a
Details sha1 3 
5ded160d97657902a14ecca95acfb01c7bf957d1
Details sha1 3 
2addf6ef678f9f663b00e13e3bb2fa0a37299dd0
Details IPv4 6 
193.233.201.21
Details Url 6 
http://193.233.201.21:3001