Mini Shai-Hulud
Three compromised versions of the Microsoft durabletask Python SDK (1.4.1, 1.4.2, 1.4.3) were published to PyPI, each downloading a stage-2 payload that steals credentials from AWS, Azure, GCP, Kubernetes, HashiCorp Vault, and password managers, then propagates to other hosts via SSM and kubectl exec.
discovered 2026-04-29
Objective
Steal developer, cloud, registry, or application credentials through malicious package execution.
Related campaigns
Packages
- npm: @cap-js/sqlite (attributed-to)
- npm: @cap-js/postgres (attributed-to)
- npm: @cap-js/db-service (attributed-to)
- npm: mbt (attributed-to)
- npm: @beproduct/nestjs-auth (attributed-to)
- npm: @dirigible-ai/sdk (attributed-to)
- npm: @draftauth/client (attributed-to)
- npm: @draftauth/core (attributed-to)
- npm: @draftlab/auth (attributed-to)
- npm: @draftlab/auth-router (attributed-to)
- npm: @draftlab/db (attributed-to)
- npm: @mesadev/rest (attributed-to)
- npm: @mesadev/saguaro (attributed-to)
- npm: @mesadev/sdk (attributed-to)
- npm: @mistralai/mistralai (attributed-to)
- npm: @mistralai/mistralai-azure (attributed-to)
- npm: @mistralai/mistralai-gcp (attributed-to)
- npm: @ml-toolkit-ts/preprocessing (attributed-to)
- npm: @ml-toolkit-ts/xgboost (attributed-to)
- npm: @opensearch-project/opensearch (attributed-to)
- npm: @squawk/airport-data (attributed-to)
- npm: @squawk/airports (attributed-to)
- npm: @squawk/airspace (attributed-to)
- npm: @squawk/airspace-data (attributed-to)
- npm: @squawk/airway-data (attributed-to)
- npm: @squawk/airways (attributed-to)
- npm: @squawk/fix-data (attributed-to)
- npm: @squawk/fixes (attributed-to)
- npm: @squawk/flight-math (attributed-to)
- npm: @squawk/flightplan (attributed-to)
- npm: @squawk/geo (attributed-to)
- npm: @squawk/icao-registry (attributed-to)
- npm: @squawk/icao-registry-data (attributed-to)
- npm: @squawk/mcp (attributed-to)
- npm: @squawk/navaid-data (attributed-to)
- npm: @squawk/navaids (attributed-to)
- npm: @squawk/notams (attributed-to)
- npm: @squawk/procedure-data (attributed-to)
- npm: @squawk/procedures (attributed-to)
- npm: @squawk/types (attributed-to)
- npm: @squawk/units (attributed-to)
- npm: @squawk/weather (attributed-to)
- npm: @supersurkhet/cli (attributed-to)
- npm: @supersurkhet/sdk (attributed-to)
- npm: @tallyui/components (attributed-to)
- npm: @tallyui/connector-medusa (attributed-to)
- npm: @tallyui/connector-shopify (attributed-to)
- npm: @tallyui/connector-vendure (attributed-to)
- npm: @tallyui/connector-woocommerce (attributed-to)
- npm: @tallyui/core (attributed-to)
- npm: @tallyui/database (attributed-to)
- npm: @tallyui/pos (attributed-to)
- npm: @tallyui/storage-sqlite (attributed-to)
- npm: @tallyui/theme (attributed-to)
- npm: @tanstack/arktype-adapter (attributed-to)
- npm: @tanstack/eslint-plugin-router (attributed-to)
- npm: @tanstack/eslint-plugin-start (attributed-to)
- npm: @tanstack/history (attributed-to)
- npm: @tanstack/nitro-v2-vite-plugin (attributed-to)
- npm: @tanstack/react-router (attributed-to)
- npm: @tanstack/react-router-devtools (attributed-to)
- npm: @tanstack/react-router-ssr-query (attributed-to)
- npm: @tanstack/react-start (attributed-to)
- npm: @tanstack/react-start-client (attributed-to)
- npm: @tanstack/react-start-rsc (attributed-to)
- npm: @tanstack/react-start-server (attributed-to)
- npm: @tanstack/router-cli (attributed-to)
- npm: @tanstack/router-core (attributed-to)
- npm: @tanstack/router-devtools (attributed-to)
- npm: @tanstack/router-devtools-core (attributed-to)
- npm: @tanstack/router-generator (attributed-to)
- npm: @tanstack/router-plugin (attributed-to)
- npm: @tanstack/router-ssr-query-core (attributed-to)
- npm: @tanstack/router-utils (attributed-to)
- npm: @tanstack/router-vite-plugin (attributed-to)
- npm: @tanstack/solid-router (attributed-to)
- npm: @tanstack/solid-router-devtools (attributed-to)
- npm: @tanstack/solid-router-ssr-query (attributed-to)
- npm: @tanstack/solid-start (attributed-to)
- npm: @tanstack/solid-start-client (attributed-to)
- npm: @tanstack/solid-start-server (attributed-to)
- npm: @tanstack/start-client-core (attributed-to)
- npm: @tanstack/start-fn-stubs (attributed-to)
- npm: @tanstack/start-plugin-core (attributed-to)
- npm: @tanstack/start-server-core (attributed-to)
- npm: @tanstack/start-static-server-functions (attributed-to)
- npm: @tanstack/start-storage-context (attributed-to)
- npm: @tanstack/valibot-adapter (attributed-to)
- npm: @tanstack/virtual-file-routes (attributed-to)
- npm: @tanstack/vue-router (attributed-to)
- npm: @tanstack/vue-router-devtools (attributed-to)
- npm: @tanstack/vue-router-ssr-query (attributed-to)
- npm: @tanstack/vue-start (attributed-to)
- npm: @tanstack/vue-start-client (attributed-to)
- npm: @tanstack/vue-start-server (attributed-to)
- npm: @tanstack/zod-adapter (attributed-to)
- npm: @taskflow-corp/cli (attributed-to)
- npm: @tolka/cli (attributed-to)
- npm: @uipath/access-policy-sdk (attributed-to)
- npm: @uipath/access-policy-tool (attributed-to)
- npm: @uipath/admin-tool (attributed-to)
- npm: @uipath/agent-sdk (attributed-to)
- npm: @uipath/agent-tool (attributed-to)
- npm: @uipath/agent.sdk (attributed-to)
- npm: @uipath/aops-policy-tool (attributed-to)
- npm: @uipath/ap-chat (attributed-to)
- npm: @uipath/api-workflow-tool (attributed-to)
- npm: @uipath/apollo-core (attributed-to)
- npm: @uipath/apollo-react (attributed-to)
- npm: @uipath/apollo-wind (attributed-to)
- npm: @uipath/auth (attributed-to)
- npm: @uipath/case-tool (attributed-to)
- npm: @uipath/cli (attributed-to)
- npm: @uipath/codedagent-tool (attributed-to)
- npm: @uipath/codedagents-tool (attributed-to)
- npm: @uipath/codedapp-tool (attributed-to)
- npm: @uipath/common (attributed-to)
- npm: @uipath/context-grounding-tool (attributed-to)
- npm: @uipath/data-fabric-tool (attributed-to)
- npm: @uipath/docsai-tool (attributed-to)
- npm: @uipath/filesystem (attributed-to)
- npm: @uipath/flow-tool (attributed-to)
- npm: @uipath/functions-tool (attributed-to)
- npm: @uipath/gov-tool (attributed-to)
- npm: @uipath/identity-tool (attributed-to)
- npm: @uipath/insights-sdk (attributed-to)
- npm: @uipath/insights-tool (attributed-to)
- npm: @uipath/integrationservice-sdk (attributed-to)
- npm: @uipath/integrationservice-tool (attributed-to)
- npm: @uipath/llmgw-tool (attributed-to)
- npm: @uipath/maestro-sdk (attributed-to)
- npm: @uipath/maestro-tool (attributed-to)
- npm: @uipath/orchestrator-tool (attributed-to)
- npm: @uipath/packager-tool-apiworkflow (attributed-to)
- npm: @uipath/packager-tool-bpmn (attributed-to)
- npm: @uipath/packager-tool-case (attributed-to)
- npm: @uipath/packager-tool-connector (attributed-to)
- npm: @uipath/packager-tool-flow (attributed-to)
- npm: @uipath/packager-tool-functions (attributed-to)
- npm: @uipath/packager-tool-webapp (attributed-to)
- npm: @uipath/packager-tool-workflowcompiler (attributed-to)
- npm: @uipath/packager-tool-workflowcompiler-browser (attributed-to)
- npm: @uipath/platform-tool (attributed-to)
- npm: @uipath/project-packager (attributed-to)
- npm: @uipath/resource-tool (attributed-to)
- npm: @uipath/resourcecatalog-tool (attributed-to)
- npm: @uipath/resources-tool (attributed-to)
- npm: @uipath/robot (attributed-to)
- npm: @uipath/rpa-legacy-tool (attributed-to)
- npm: @uipath/rpa-tool (attributed-to)
- npm: @uipath/solution-packager (attributed-to)
- npm: @uipath/solution-tool (attributed-to)
- npm: @uipath/solutionpackager-sdk (attributed-to)
- npm: @uipath/solutionpackager-tool-core (attributed-to)
- npm: @uipath/tasks-tool (attributed-to)
- npm: @uipath/telemetry (attributed-to)
- npm: @uipath/test-manager-tool (attributed-to)
- npm: @uipath/tool-workflowcompiler (attributed-to)
- npm: @uipath/traces-tool (attributed-to)
- npm: @uipath/ui-widgets-multi-file-upload (attributed-to)
- npm: @uipath/uipath-python-bridge (attributed-to)
- npm: @uipath/vertical-solutions-tool (attributed-to)
- npm: @uipath/vss (attributed-to)
- npm: @uipath/widget.sdk (attributed-to)
- npm: agentwork-cli (attributed-to)
- npm: cmux-agent-mcp (attributed-to)
- npm: cross-stitch (attributed-to)
- npm: git-branch-selector (attributed-to)
- npm: git-git-git (attributed-to)
- npm: ml-toolkit-ts (attributed-to)
- npm: nextmove-mcp (attributed-to)
- npm: safe-action (attributed-to)
- npm: ts-dna (attributed-to)
- npm: wot-api (attributed-to)
- pypi: guardrails-ai (attributed-to)
- pypi: mistralai (attributed-to)
- npm: node-ipc (attributed-to)
- npm: ai-figure (attributed-to)
- npm: amapcn (attributed-to)
- npm: @antv/a8 (attributed-to)
- npm: @antv/adjust (attributed-to)
- npm: @antv/algorithm (attributed-to)
- npm: @antv/async-hook (attributed-to)
- npm: @antv/attr (attributed-to)
- npm: @antv/ava (attributed-to)
- npm: @antv/ava-react (attributed-to)
- npm: @antv/awards (attributed-to)
- npm: @antv/calendar-heatmap (attributed-to)
- npm: @antv/chart-linter (attributed-to)
- npm: @antv/chart-node-g6 (attributed-to)
- npm: @antv/chart-visualization-skills (attributed-to)
- npm: @antv/ckb (attributed-to)
- npm: @antv/color-schema (attributed-to)
- npm: @antv/color-util (attributed-to)
- npm: @antv/component (attributed-to)
- npm: @antv/coord (attributed-to)
- npm: @antv/d3-color (attributed-to)
- npm: @antv/d3-interpolate (attributed-to)
- npm: @antv/data-samples (attributed-to)
- npm: @antv/data-set (attributed-to)
- npm: @antv/data-wizard (attributed-to)
- npm: @antv/dipper-component (attributed-to)
- npm: @antv/dipper-hooks (attributed-to)
- npm: @antv/dipper-map (attributed-to)
- npm: @antv/dom-util (attributed-to)
- npm: @antv/dumi-theme-antv (attributed-to)
- npm: @antv/dw-analyzer (attributed-to)
- npm: @antv/dw-random (attributed-to)
- npm: @antv/dw-transform (attributed-to)
- npm: @antv/dw-util (attributed-to)
- npm: @antv/event-emitter (attributed-to)
- npm: @antv/expr (attributed-to)
- npm: @antv/f2 (attributed-to)
- npm: @antv/f2-algorithm (attributed-to)
- npm: @antv/f2-canvas (attributed-to)
- npm: @antv/f2-context (attributed-to)
- npm: @antv/f2-graphic (attributed-to)
- npm: @antv/f2-my (attributed-to)
- npm: @antv/f2-react (attributed-to)
- npm: @antv/f2-site (attributed-to)
- npm: @antv/f2-vue (attributed-to)
- npm: @antv/f2-wordcloud (attributed-to)
- npm: @antv/f2-wx (attributed-to)
- npm: @antv/f6 (attributed-to)
- npm: @antv/f6-alipay (attributed-to)
- npm: @antv/f6-core (attributed-to)
- npm: @antv/f6-element (attributed-to)
- npm: @antv/f6-hammerjs (attributed-to)
- npm: @antv/f6-plugin (attributed-to)
- npm: @antv/f6-ui (attributed-to)
- npm: @antv/f6-wx (attributed-to)
- npm: @antv/f-charts (attributed-to)
- npm: @antv/f-engine (attributed-to)
- npm: @antv/f-lottie (attributed-to)
- npm: @antv/f-my (attributed-to)
- npm: @antv/f-react (attributed-to)
- npm: @antv/f-test-utils (attributed-to)
- npm: @antv/f-vue (attributed-to)
- npm: @antv/f-wx (attributed-to)
- npm: @antv/g2 (attributed-to)
- npm: @antv/g2-brush (attributed-to)
- npm: @antv/g2-extension-3d (attributed-to)
- npm: @antv/g2-extension-ava (attributed-to)
- npm: @antv/g2-extension-plot (attributed-to)
- npm: @antv/g2plot (attributed-to)
- npm: @antv/g2plot-schemas (attributed-to)
- npm: @antv/g2-plugin-slider (attributed-to)
- npm: @antv/g2-ssr (attributed-to)
- npm: @antv/g (attributed-to)
- npm: @antv/g6 (attributed-to)
- npm: @antv/g6-alipay (attributed-to)
- npm: @antv/g6-cli (attributed-to)
- npm: @antv/g6-core (attributed-to)
- npm: @antv/g6-editor (attributed-to)
- npm: @antv/g6-element (attributed-to)
- npm: @antv/g6-extension-3d (attributed-to)
- npm: @antv/g6-extension-react (attributed-to)
- npm: @antv/g6-mobile (attributed-to)
- npm: @antv/g6-pc (attributed-to)
- npm: @antv/g6-plugin (attributed-to)
- npm: @antv/g6-plugin-map-view (attributed-to)
- npm: @antv/g6-plugins (attributed-to)
- npm: @antv/g6-react-node (attributed-to)
- npm: @antv/g6-ssr (attributed-to)
- npm: @antv/g6-wx (attributed-to)
- npm: @antv/gatsby-theme (attributed-to)
- npm: @antv/g-base (attributed-to)
- npm: @antv/g-camera-api (attributed-to)
- npm: @antv/g-canvas (attributed-to)
- npm: @antv/g-canvaskit (attributed-to)
- npm: @antv/g-compat (attributed-to)
- npm: @antv/g-components (attributed-to)
- npm: @antv/g-css-layout-api (attributed-to)
- npm: @antv/g-css-typed-om-api (attributed-to)
- npm: @antv/g-device-api (attributed-to)
- npm: @antv/g-dom-mutation-observer-api (attributed-to)
- npm: @antv/geo-coord (attributed-to)
- npm: @antv/g-gesture (attributed-to)
- npm: @antv/gi-assets-advance (attributed-to)
- npm: @antv/gi-assets-algorithm (attributed-to)
- npm: @antv/gi-assets-basic (attributed-to)
- npm: @antv/gi-assets-galaxybase (attributed-to)
- npm: @antv/gi-assets-graphscope (attributed-to)
- npm: @antv/gi-assets-hugegraph (attributed-to)
- npm: @antv/gi-assets-janusgraph (attributed-to)
- npm: @antv/gi-assets-neo4j (attributed-to)
- npm: @antv/gi-assets-scene (attributed-to)
- npm: @antv/gi-assets-tugraph (attributed-to)
- npm: @antv/gi-assets-tugraph-analytics (attributed-to)
- npm: @antv/gi-assets-xlab (attributed-to)
- npm: @antv/gi-cli (attributed-to)
- npm: @antv/gi-common-components (attributed-to)
- npm: @antv/g-image-exporter (attributed-to)
- npm: @antv/gi-mock-data (attributed-to)
- npm: @antv/gi-public-data (attributed-to)
- npm: @antv/gi-sdk (attributed-to)
- npm: @antv/gi-sdk-app (attributed-to)
- npm: @antv/gi-theme-antd (attributed-to)
- npm: @antv/github-config-cli (attributed-to)
- npm: @antv/g-layout-blocklike (attributed-to)
- npm: @antv/g-lite (attributed-to)
- npm: @antv/gl-matrix (attributed-to)
- npm: @antv/g-lottie-player (attributed-to)
- npm: @antv/g-math (attributed-to)
- npm: @antv/g-mobile (attributed-to)
- npm: @antv/g-mobile-canvas (attributed-to)
- npm: @antv/g-mobile-canvas-element (attributed-to)
- npm: @antv/g-mobile-svg (attributed-to)
- npm: @antv/g-mobile-webgl (attributed-to)
- npm: @antv/g-pattern (attributed-to)
- npm: @antv/g-perf (attributed-to)
- npm: @antv/g-plugin-3d (attributed-to)
- npm: @antv/g-plugin-a11y (attributed-to)
- npm: @antv/g-plugin-annotation (attributed-to)
- npm: @antv/g-plugin-box2d (attributed-to)
- npm: @antv/g-plugin-canvaskit-renderer (attributed-to)
- npm: @antv/g-plugin-canvas-path-generator (attributed-to)
- npm: @antv/g-plugin-canvas-picker (attributed-to)
- npm: @antv/g-plugin-canvas-renderer (attributed-to)
- npm: @antv/g-plugin-control (attributed-to)
- npm: @antv/g-plugin-css-select (attributed-to)
- npm: @antv/g-plugin-device-renderer (attributed-to)
- npm: @antv/g-plugin-dom-interaction (attributed-to)
- npm: @antv/g-plugin-dragndrop (attributed-to)
- npm: @antv/g-plugin-gesture (attributed-to)
- npm: @antv/g-plugin-gpgpu (attributed-to)
- npm: @antv/g-plugin-html-renderer (attributed-to)
- npm: @antv/g-plugin-image-loader (attributed-to)
- npm: @antv/g-plugin-matterjs (attributed-to)
- npm: @antv/g-plugin-mobile-interaction (attributed-to)
- npm: @antv/g-plugin-physx (attributed-to)
- npm: @antv/g-plugin-rough-canvas-renderer (attributed-to)
- npm: @antv/g-plugin-rough-svg-renderer (attributed-to)
- npm: @antv/g-plugin-svg-picker (attributed-to)
- npm: @antv/g-plugin-svg-renderer (attributed-to)
- npm: @antv/g-plugin-webgl-device (attributed-to)
- npm: @antv/g-plugin-webgl-renderer (attributed-to)
- npm: @antv/g-plugin-webgpu-device (attributed-to)
- npm: @antv/g-plugin-yoga (attributed-to)
- npm: @antv/g-plugin-zdog-canvas-renderer (attributed-to)
- npm: @antv/g-plugin-zdog-svg-renderer (attributed-to)
- npm: @antv/gpt-vis (attributed-to)
- npm: @antv/gpt-vis-ssr (attributed-to)
- npm: @antv/graphin (attributed-to)
- npm: @antv/graphin-components (attributed-to)
- npm: @antv/graphin-graphscope (attributed-to)
- npm: @antv/graphin-icons (attributed-to)
- npm: @antv/graphlib (attributed-to)
- npm: @antv/g-shader-components (attributed-to)
- npm: @antv/g-svg (attributed-to)
- npm: @antv/g-web-animations-api (attributed-to)
- npm: @antv/g-web-components (attributed-to)
- npm: @antv/g-webgl (attributed-to)
- npm: @antv/g-webgl-compute (attributed-to)
- npm: @antv/g-webgpu (attributed-to)
- npm: @antv/g-webgpu-compiler (attributed-to)
- npm: @antv/g-webgpu-core (attributed-to)
- npm: @antv/g-webgpu-engine (attributed-to)
- npm: @antv/g-webgpu-raytracer (attributed-to)
- npm: @antv/g-webgpu-unitchart (attributed-to)
- npm: @antv/hierarchy (attributed-to)
- npm: @antv/infographic (attributed-to)
- npm: @antv/insight-component (attributed-to)
- npm: @antv/interaction (attributed-to)
- npm: @antv/istanbul (attributed-to)
- npm: @antv/knowledge (attributed-to)
- npm: @antv/l7 (attributed-to)
- npm: @antv/l7-component (attributed-to)
- npm: @antv/l7-composite-layers (attributed-to)
- npm: @antv/l7-core (attributed-to)
- npm: @antv/l7-district (attributed-to)
- npm: @antv/l7-draw (attributed-to)
- npm: @antv/l7-editor (attributed-to)
- npm: @antv/l7-extension-g-layer (attributed-to)
- npm: @antv/l7-layers (attributed-to)
- npm: @antv/l7-leaflet (attributed-to)
- npm: @antv/l7-map (attributed-to)
- npm: @antv/l7-mapkit (attributed-to)
- npm: @antv/l7-maps (attributed-to)
- npm: @antv/l7-mini (attributed-to)
- npm: @antv/l7-pass (attributed-to)
- npm: @antv/l7plot (attributed-to)
- npm: @antv/l7plot-component (attributed-to)
- npm: @antv/l7-react (attributed-to)
- npm: @antv/l7-renderer (attributed-to)
- npm: @antv/l7-scene (attributed-to)
- npm: @antv/l7-source (attributed-to)
- npm: @antv/l7-three (attributed-to)
- npm: @antv/l7-utils (attributed-to)
- npm: @antv/larkmap (attributed-to)
- npm: @antv/layout-gpu (attributed-to)
- npm: @antv/layout-wasm (attributed-to)
- npm: @antv/li-aiearth-assets (attributed-to)
- npm: @antv/li-analysis-assets (attributed-to)
- npm: @antv/li-core-assets (attributed-to)
- npm: @antv/li-editor (attributed-to)
- npm: @antv/li-p2 (attributed-to)
- npm: @antv/li-sam-assets (attributed-to)
- npm: @antv/li-sdk (attributed-to)
- npm: @antv/lite-insight (attributed-to)
- npm: @antv/matrix-util (attributed-to)
- npm: @antv/mcp-server-antv (attributed-to)
- npm: @antv/mcp-server-chart (attributed-to)
- npm: @antv/my-f2 (attributed-to)
- npm: @antv/my-f2-pc (attributed-to)
- npm: @antv/narrative-text-editor (attributed-to)
- npm: @antv/narrative-text-schema (attributed-to)
- npm: @antv/narrative-text-vis (attributed-to)
- npm: @antv/path-util (attributed-to)
- npm: @antv/react-g (attributed-to)
- npm: @antv/s2 (attributed-to)
- npm: @antv/s2-react (attributed-to)
- npm: @antv/s2-react-components (attributed-to)
- npm: @antv/s2-ssr (attributed-to)
- npm: @antv/s2-vue (attributed-to)
- npm: @antv/sam (attributed-to)
- npm: @antv/scale (attributed-to)
- npm: @antv/semantic-release-pnpm (attributed-to)
- npm: @antv/smart-color (attributed-to)
- npm: @antv/stat (attributed-to)
- npm: @antv/t8 (attributed-to)
- npm: @antv/thumbnails (attributed-to)
- npm: @antv/thumbnails-component (attributed-to)
- npm: @antv/torch (attributed-to)
- npm: @antv/translator (attributed-to)
- npm: @antv/util (attributed-to)
- npm: @antv/vendor (attributed-to)
- npm: @antv/vis-predict-engine (attributed-to)
- npm: @antv/webgpu-graph (attributed-to)
- npm: @antv/word-scale-chart (attributed-to)
- npm: @antv/wx-f2 (attributed-to)
- npm: @antv/x6 (attributed-to)
- npm: @antv/x6-angular-shape (attributed-to)
- npm: @antv/x6-common (attributed-to)
- npm: @antv/x6-components (attributed-to)
- npm: @antv/x6-geometry (attributed-to)
- npm: @antv/x6-plugin-clipboard (attributed-to)
- npm: @antv/x6-plugin-dnd (attributed-to)
- npm: @antv/x6-plugin-export (attributed-to)
- npm: @antv/x6-plugin-history (attributed-to)
- npm: @antv/x6-plugin-keyboard (attributed-to)
- npm: @antv/x6-plugin-minimap (attributed-to)
- npm: @antv/x6-plugin-scroller (attributed-to)
- npm: @antv/x6-plugin-selection (attributed-to)
- npm: @antv/x6-plugin-snapline (attributed-to)
- npm: @antv/x6-plugin-stencil (attributed-to)
- npm: @antv/x6-plugin-transform (attributed-to)
- npm: @antv/x6-react (attributed-to)
- npm: @antv/x6-react-components (attributed-to)
- npm: @antv/x6-react-shape (attributed-to)
- npm: @antv/x6-vector (attributed-to)
- npm: @antv/x6-vue3-shape (attributed-to)
- npm: @antv/x6-vue-shape (attributed-to)
- npm: @antv/xflow (attributed-to)
- npm: @antv/xflow-core (attributed-to)
- npm: @antv/xflow-diff (attributed-to)
- npm: @antv/xflow-extension (attributed-to)
- npm: @antv/xflow-hook (attributed-to)
- npm: ast-plugin (attributed-to)
- npm: babel-plugin-version (attributed-to)
- npm: boring-avatars-vanilla (attributed-to)
- npm: byte-parser (attributed-to)
- npm: canvas-nest.js (attributed-to)
- npm: echarts-for-react (attributed-to)
- npm: filesize.js (attributed-to)
- npm: fixed-round (attributed-to)
- npm: gantt-for-react (attributed-to)
- npm: jest-canvas-mock (attributed-to)
- npm: jest-date-mock (attributed-to)
- npm: jest-electron (attributed-to)
- npm: jest-expect (attributed-to)
- npm: jest-less-loader (attributed-to)
- npm: jest-random-mock (attributed-to)
- npm: jest-url-loader (attributed-to)
- npm: limit-size (attributed-to)
- npm: lint-md (attributed-to)
- npm: lint-md-cli (attributed-to)
- npm: @lint-md/cli (attributed-to)
- npm: @lint-md/core (attributed-to)
- npm: @lint-md/parser (attributed-to)
- npm: mcp-echarts (attributed-to)
- npm: mcp-mermaid (attributed-to)
- npm: miz (attributed-to)
- npm: onfire.js (attributed-to)
- npm: react-adsense (attributed-to)
- npm: relationship.js (attributed-to)
- npm: ribbon.js (attributed-to)
- npm: size-sensor (attributed-to)
- npm: slice.js (attributed-to)
- npm: timeago.js (attributed-to)
- npm: timeago-react (attributed-to)
- npm: uri-parse (attributed-to)
- npm: word-width (attributed-to)
- npm: xmorse (attributed-to)
- pypi: durabletask (attributed-to)
Indicators
Techniques
- T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- T1552.001 Unsecured Credentials: Credentials In Files (uses)
- T1041 Exfiltration Over C2 Channel (uses)
- T1528 Steal Application Access Token (uses)
- T1105 Ingress Tool Transfer (uses)
- T1071.001 Application Layer Protocol: Web Protocols (uses)
- T1102 Web Service (uses)
- T1021 Remote Services (uses)
- T1098 Account Manipulation (uses)
- T1539 Steal Web Session Cookie (uses)
- T1059.006 Command and Scripting Interpreter: Python (uses)
- T1071.004 Application Layer Protocol: DNS (uses)
- T1546 Event Triggered Execution (uses)
- T1027 Obfuscated Files or Information (uses)
