NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 6a775619-14a1-4d0b-8570-50db72d31fe8 |
| Fingerprint | ac229083ba359394 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 25, 2023, midnight |
| Added to db | Nov. 19, 2023, 6:06 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration |
| Title | NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration |
| Detected Hints/Tags/Attributes | 73/3/36 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.phylum.io/npm-emails-validator-package-malware/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 46 | ✔ | Phylum | https://blog.phylum.io/rss/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | linglink.lu |
|
| Details | Domain | 1 | pout.autistan.lu |
|
| Details | Domain | 1 | pics2.autistan.lu |
|
| Details | Domain | 359 | com.apple |
|
| Details | Domain | 1 | pics.autistan.lu |
|
| Details | Domain | 1 | autistan.lu |
|
| Details | File | 5 | init.js |
|
| Details | File | 156 | package.json |
|
| Details | File | 174 | index.js |
|
| Details | File | 7 | process.pl |
|
| Details | File | 674 | node.js |
|
| Details | File | 14 | object.key |
|
| Details | File | 66 | settings.xml |
|
| Details | File | 2 | settings-security.xml |
|
| Details | File | 1 | e.inc |
|
| Details | File | 1 | win32d.exe |
|
| Details | File | 1 | %windir%\\\\syswow64\\\\gpupdate.exe |
|
| Details | File | 1 | %windir%\\\\sysnative\\\\gpupdate.exe |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | Github username | 1 | everydellei |
|
| Details | sha256 | 1 | 34a86ec79c04b13ccb5c5279241cc3dfb6e91a48c3497703c9d757b10a8abc8c |
|
| Details | sha256 | 1 | b7c6d3dcd962cc33cd12a21bec9a40470f9a42577a2ba89c97bd28cdc95945b5 |
|
| Details | sha256 | 1 | d68a94343dff8444afe6208ad1377639ddd3667d28839a40c22a1e3112d1e335 |
|
| Details | sha256 | 1 | bb9d4d127fffb12c3d386ea3671a446cf181fb03d08b20b1e9e1675f83471ec3 |
|
| Details | sha256 | 1 | 66c4640dcdab0c746c71a3d72002791f0567379ccfea685cac05d4cde3c36926 |
|
| Details | sha256 | 1 | 246c6637a8b514e55390468ed36b46e4e5563c08cc035723a6fbe66b54537cdb |
|
| Details | sha256 | 1 | ca7bc3b201c71eff6f8f8cf5bd79e53116b4eeea3040789e16e09a53050e73c5 |
|
| Details | sha256 | 1 | 869164886ee65add713d19ee36780f5b3c80209259bddb2667666319d78028c5 |
|
| Details | sha256 | 1 | d1b8d72c450a44d27ac22a7dfc4808f0700ac03ee90c31ea6208a21664e1fd43 |
|
| Details | sha256 | 1 | bbd4c83ac3b0c1c944c0bb2767e45f65b37b7ce634ae61932fbe0e2b549cdf9e |
|
| Details | sha256 | 1 | ee6bfc0e1531e120a63ddd95232e9330d7cae29c43233f604736e3bf374cf48c |
|
| Details | sha256 | 1 | 651c369596ae985b7b5fda53b5c8884cf4cfe273b4661495afc2d1a91e809890 |
|
| Details | IPv4 | 295 | 8.8.8.8 |
|
| Details | Url | 1 | https://github.com/everydellei/emails-helper |