|
Malware:
|
CanisterWorm, dbmux, GlassWorm, hackerbot-claw, Hades, IronWorm, JS.Worm.ShaiHulud, kitty-monitor, Megalodon, Miasma, Miasma: The Spreading Blight, Miasma worm, Mini Shai-Hulud, Phoenix Locker, Python.Loader.Shai-Hulud, s1ngularity, SANDWORM_MODE, sha1-hulud, Sha1-Hulud, SHA1-Hulud, Sha1-Hulud: The Second Coming, Shai-Hulud, Shai-Hulud 2.0, Shai-Hulud 3.0, ShaiWorm, Shaulud, TeamPCP cloud stealer, TeamPCPCloudStealer, telemetry.js, The Spreading Blight, Vect, Vect 2.0, WastedLocker |
|
CVEs:
|
CVE-2019-5736, CVE-2020-10148, CVE-2022-0492, CVE-2023-29059, CVE-2024-21626, CVE-2024-3094, CVE-2025-10894, CVE-2025-30066, CVE-2025-55182, CVE-2025-59144, CVE-2025-59532, CVE-2025-59536, CVE-2025-6514, CVE-2026-21852, CVE-2026-22708, CVE-2026-33634, CVE-2026-42271, CVE-2026-45321, CVE-2026-45758, CVE-2026-46412, CVE-2026-48027 |
|
Technologies:
|
1Password, 3CX DesktopApp, Aider-AI Aider, Amazon Web Services, Amazon Web Services (AWS), Anthropic Claude, Anysphere Cursor, Apple macOS, Aqua Security Trivy, Arweave, Auto-GPT, Bun, Bundler, Checkmarx, Checkmarx KICS, CircleCI, CrewAI, CrowdStrike, Cursor, Dify, Docker, Git, GitHub, GitHub Actions, GitHub Copilot, GNU Privacy Guard, Google Cloud Platform, Google Gemini, Google Gemini CLI, gopass, HashiCorp Vault, JFrog, Kubernetes, Leo/RStreams, Linux, LiteLLM, Microsoft Azure AI, Microsoft Azure Functions, Microsoft Durable Task, Microsoft Entra ID, Microsoft GraphRAG, Microsoft .NET Framework, Microsoft Visual Studio, Microsoft Windows, Mistral AI, MongoDB Server, Node.js, npm, Nrwl Nx, OpenAI, OpenAI Codex, OpenCode, OpenSSH, Oracle MySQL, pnpm, PostgreSQL, PyPI, Python, Python Package Index, Python PyPI, Red Hat, Red Hat Cloud Services, Replit, RubyGems, SentinelOne, Sigstore, SolarWinds, Sonatype Nexus Repository, SSH, Stanford DSPy, Starlette, StepSecurity, StepSecurity Harden-Runner, TanStack, The Linux Foundation Sigstore, UiPath, Vapi.ai, Vapi SDK, VMware Carbon Black, WeaveDB, Yarn, Zoom |
|
Threat Actors:
|
APT38, Bluenoroff, CageyChameleon, CipherForce, CryptoCore, DangerousPassword, DeadCatx3, DragonForce, Elitexp, EvilCorp, GlassWorm, GoldWinter, HasanBroker, IndrikSpider, Lapsus, Lazarus, LazarusGroup, LeeryTurtle, MASAN, Megalodon, Miasma, NICKELGLADSTONE, PCPcat, PersyPCP, PG_MEM, ReplicatingMarauder, ResoluteXBF, Sandworm, SapphireSleet, SHADOW-WATER-058, ShellForce, ShinyHunters, StardustChollima, Ta444, TeamPCP, TGR-CRI-1135, TGRCRI1135, TraderTraitor, UNC1069, UNC4899, UNC6780 |
|
Attacker Countries:
|
North Korea, Russia, South Africa |
|
Attacker IPs:
|
103[.]75[.]11[.]59, 142[.]11[.]206[.]73, 154[.]47[.]29[.]12, 160[.]119[.]64[.]3, 170[.]62[.]100[.]245, 209[.]159[.]147[.]239, 83[.]142[.]209[.]0 |
|
Attacker Emails:
|
claude@users[.]noreply[.]github[.]com, github-actions@github[.]com |
|
Attacker Domains:
|
aab[.]sportsontheweb[.]net, agent[.]stepsecurity[.]io, api[.]anthropic[.]com, api[.]github[.]com, api[.]stepsecurity[.]io, app[.]stepsecurity[.]io, check[.]git-service[.]com, checkmarx[.]zone, github[.]com, git-service[.]com, git-tanstack[.]com, graph[.]microsoft[.]com, help[.]sonatype[.]com, login[.]microsoftonline[.]com, models[.]litellm[.]cloud, nsa[.]cat, oob[.]moika[.]tech, registry[.]npmjs[.]org, scan[.]aquasecurtiy[.]org, sfrclak[.]com, tdtqy-oyaaa-aaaae-af2dq-cai[.]raw[.]icp0[.]io, telemetry[.]api-monitor[.]com, temp[.]sh, t[.]m-kosche[.]com, webhook[.]site |
|
Attacker URLs:
|
api[.]anthropic[.]com[:]443/v1/api, api[.]anthropic[.]com/v1/api, check[.]git-service[.]com/rope.pyz, github[.]com/liuende501, github[.]com/oven-sh/bun/releases, github[.]com/oven-sh/bun/releases/download/bun-v1.3.13, github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-*.zip, hxxp[://]169[.]254[.]169[.]254/latest/api/token, hxxp[://]169[.]254[.]169[.]254/metadata/identity/oauth2/token, hxxps[://]api[.]anthropic[.]com[:]443/v1/api, hxxps[://]api[.]github[.]com/graphql, hxxps[://]api[.]github[.]com/repos/liuende501/nemean-hydra-34343/contents/results/results-1780551069887-0.json, hxxps[://]api[.]github[.]com/search/commits?q=IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner, hxxps[://]api[.]github[.]com/search/commits?q=thebeautifulmarchoftime, hxxps[://]api[.]github[.]com/user, hxxps[://]api[.]github[.]com/user/repos, hxxps[://]github[.]com/liuende501, hxxps[://]github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/, hxxps[://]github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-linux-x64-baseline.zip, hxxps[://]graph[.]microsoft[.]com/v1.0/me, hxxps[://]login[.]microsoftonline[.]com/, hxxps[://]registry[.]npmjs[.]org/-/npm/v1/oidc/token/exchange/package/, hxxps[://]registry[.]npmjs[.]org/-/v1/search?text=maintainer:{username}, hxxps[://]registry[.]npmjs[.]org/-/whoami, hxxps[://]temp[.]sh, hxxp[:]//169.254.169.254/latest/meta-data/iam/security-credentials/, hxxps[:]//api.anthropic.com/v1/api, hxxps[:]//api.github.com, hxxps[:]//api.github.com/search/commits?q=firedalazer, hxxps[:]//fulcio.sigstore.dev, hxxps[:]//github.com/oven-sh/bun/releases/download/bun-v1.3.13/, hxxps[:]//github.com/oven-sh/bun/releases/download/bun-v1.3.13/bun-{os}-{arch}.zip, hxxps[:]//github.com/oven-sh/bun/releases/download/bun-v1.3.14/, hxxps[:]//login.microsoftonline.com/, hxxps[:]//upload.pypi.org/legacy/, hxxps[:]//webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7, registry[.]npmjs[.]org/-/npm/v1/tokens, registry[.]npmjs[.]org/-/whoami, tor[:]//api/agent |
|
Attacker Hashes:
|
|
Victim Industries:
|
Academia, Artificial Intelligence, Biotechnology, Blockchain, Cloud Infrastructure, Cryptocurrency, Education, Financial, Financials, Financial Services, Government, Healthcare, Information Security, Information Technology, Life Sciences, Manufacturing, Pharmaceuticals, Professional Services, Public Sector, Scientific Research, Software, Technology Hardware, Telecommunications |
|
Victim Countries:
|
Austria, Belgium, Bulgaria, Canada, China, Croatia, Cyprus, Czech Republic, Denmark, Estonia, European Union, Finland, France, Germany, Greece, Hungary, Iran, Ireland, Israel, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom, United States |