ioc[.]one - OSINT Cyber Threat Intelligence Database

Malicious packages in npm enable theft of Discord tokens

Tags

attack-pattern:

Show in Graph

Common Information

Type	Value
UUID	6eb09f33-133f-49ac-aff4-f61e5b5b44ba
Fingerprint	8c314399aaf3b712
Analysis status	DONE
Considered CTI value	1
Text language
Published	Dec. 8, 2021, 7 p.m.
Added to db	Jan. 18, 2023, 9:53 p.m.
Last updated	Nov. 18, 2024, 9:16 p.m.
Headline	Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed
Title	Malicious packages in npm enable theft of Discord tokens
Detected Hints/Tags/Attributes	77/1/24

Source URLs

	Redirection	Url
Details	Source	https://jfrog.com/blog/malicious-npm-packages-are-after-your-discord-tokens-17-new-packages-disclosed/

URL Provider

Details	Provider	Source level domain
Details	jfrog.com	jfrog.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	playerup.com
Details	Domain	180	readme.md
Details	Domain	1	aba45cf.glitch.me
Details	Domain	95	ip-api.com
Details	Domain	112	cdn.discordapp.com
Details	Domain	52	socket.io
Details	Domain	20	obfuscator.io
Details	Domain	2	geolocation-db.com
Details	Domain	12	pipedream.net
Details	Domain	21	jfrog.com
Details	Email	6	research@jfrog.com
Details	File	676	node.js
Details	File	4	discord.js
Details	File	1	userget.js
Details	File	1	nomfa.exe
Details	File	1	mfa.exe
Details	File	7	r.json
Details	File	366	console.log
Details	md5	1	a5eb7b362adc824ed7d98433d8eae80a
Details	Url	1	https://aba45cf.glitch.me/polarlindo
Details	Url	1	http://ip-api.com/json/").then
Details	Url	2	https://canary.discord.com/api/webhooks/903018156283551775/ljoj9526e_rzw0js2dqpdv0eyqd5rqybtucjqolp84jtwlxjxawnuam9fyuplyn2tjft
Details	Url	1	https://cdn.discordapp.com/avatars
Details	Url	1	https://geolocation-db.com/json