npm

rrweb-v1

rrweb-v1 is identified in the SafeDep analysis "Malicious npm Dependency Confusion Campaign Targets Genoma UI and Others". A dependency confusion campaign by npm user victim59 targets at least three organizations through scoped packages @genoma-ui/components, @needl-ai/common, and rrweb-v1. The packages use install hooks to beacon system reconnaissance data to a DigitalOcean C2 server.

discovered 2026-04-10

Threat types

c2_agentdependency_confusion

Malicious versions

999.9.9

Campaigns

Enterprise Dependency Confusionattributed-to

Indicators

domain64.227.183.144communicates-with
ipv464.227.183.144communicates-with
email[email protected]exfiltrates-to

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1036 Masquerading: package impersonation and typosquattinguses
ttpT1105 Ingress Tool Transferuses
ttpT1071.001 Application Layer Protocol: Web Protocolsuses
ttpT1546 Event Triggered Executionuses

Read the full analysis →