Self-replicating Shai-hulud worm spreads token stealing malware on npm
A self-replicating worm named Shai-hulud has been detected on the npm registry, spreading through compromised developer accounts and injecting malicious code into legitimate packages. The worm steals cloud service tokens, primarily targeting npm, GitHub, AWS, and GCP. It also installs Trufflehog to detect additional secrets. The compromised packages include popular ones with millions of weekly downloads. The worm's functionality includes auto-spreading, token theft, and exposing private repositories. Similarities with previous npm compromises have been noted. The impact is significant, affecting numerous developers and organizations across various industries.
AI Analysis
Technical Summary
The Shai-hulud worm is a self-replicating malware threat detected within the npm (Node Package Manager) ecosystem. It propagates by compromising developer accounts and injecting malicious code into legitimate npm packages, including some with millions of weekly downloads. Once a package is infected, the worm spreads automatically by modifying other packages, creating a supply chain infection that can rapidly escalate. The worm's primary malicious functionality is to steal cloud service tokens from environments such as npm, GitHub, AWS, and Google Cloud Platform (GCP). These tokens provide attackers with unauthorized access to cloud resources, potentially exposing sensitive data and infrastructure. Additionally, Shai-hulud installs Trufflehog, a tool used to scan repositories for secrets, which helps the worm identify and exfiltrate further credentials and private information. The worm also exposes private repositories, increasing the risk of intellectual property theft and further compromise. The infection vector leverages the trust developers place in open-source packages, making detection and mitigation challenging. Similarities with previous npm supply chain compromises suggest a recurring threat pattern targeting the open-source ecosystem. Although no known exploits are currently reported in the wild, the worm’s ability to self-propagate and steal high-value tokens makes it a significant threat to software supply chains and cloud environments.
Potential Impact
For European organizations, the Shai-hulud worm poses a substantial risk due to the widespread use of npm packages in software development and the reliance on cloud services like AWS, GCP, and GitHub. Compromise of developer accounts and injection of malicious code into widely used packages can lead to large-scale exposure of sensitive data, intellectual property theft, and unauthorized access to cloud infrastructure. This can result in operational disruptions, data breaches, regulatory non-compliance (e.g., GDPR violations), and reputational damage. The worm’s ability to steal tokens and expose private repositories could facilitate further lateral movement within organizational networks and cloud environments, amplifying the impact. Given the interconnected nature of software supply chains, even organizations not directly using the compromised packages may be affected if their dependencies include infected components. The threat is particularly critical for sectors with high cloud adoption and stringent data protection requirements, such as finance, healthcare, and critical infrastructure in Europe.
Mitigation Recommendations
To mitigate the Shai-hulud worm threat, European organizations should implement a multi-layered approach: 1) Enforce strict access controls and multi-factor authentication (MFA) on developer accounts for npm, GitHub, and cloud platforms to reduce the risk of account compromise. 2) Employ automated dependency scanning tools that can detect malicious or unexpected code changes in npm packages before deployment. 3) Use token management best practices, such as short-lived tokens, scoped permissions, and regular token rotation, to limit the impact of stolen credentials. 4) Monitor for unusual activity in cloud environments and repositories, including unexpected package updates or repository access patterns. 5) Integrate secret detection tools like Trufflehog into CI/CD pipelines to identify exposed secrets proactively. 6) Educate developers on secure coding and package management practices, emphasizing the risks of supply chain attacks. 7) Maintain an inventory of third-party dependencies and apply strict vetting processes before incorporating new packages. 8) Collaborate with npm and cloud service providers to report and remediate compromised packages swiftly. These targeted measures go beyond generic advice by focusing on the specific attack vectors and propagation mechanisms of the Shai-hulud worm.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Finland, Ireland, Poland
Indicators of Compromise
- hash: 003ffad46ad3bca7f00252adee39f8f32345bd43
- hash: 0063c7524a71500459a9a66f906ab85146b440df
- hash: 0072122333af7439c26a1667df5205d4d65af1b2
- hash: 0080fa150e875fe5a1c680e79267af73afb5fb95
- hash: 0096cf6dd7d10755c76f66189b882b56d2d3bc0b
- hash: 026e4b7da1f1cee9ad99cb0fd6a1d255fe2b17a3
- hash: 03225c19bee852cbc8e60424f8e63914119ce40b
- hash: 0490214387616c1265447752310136352545831e
- hash: 05307d8af5bea87f5ec60aaadcdd7be5a0f2e3fd
- hash: 066b0294e11a90cfcb11dad16f3d5557712c7ebd
- hash: 06cd5c05d0f744d759daaf47d532093f3f181406
- hash: 06db2f70510bd4be0a07f94a6b72892c8aef2cdc
- hash: 087e06ddade4a3a91292f550173f8470c49b5c36
- hash: 0c708c8b4d02903233ce1d3913353e4ab9e33ce9
- hash: 0c9b280e183cbf5276dc6b9650ea3fdd93fe2123
- hash: 0f2d98464cdaa2211a27977596c0c0652862302a
- hash: 10788351b07d79534c26ecf23b21448476c38bb9
- hash: 10e0c7a70c43192e328efb49b32022386e0153c9
- hash: 110a6c4f5d41aee757d77aa19aa9a689ab754cdf
- hash: 118ef85bd41f226651811314a17fb7ffba1e89fd
- hash: 120e92669585a501b7676b3d4ca6239dd08c4f85
- hash: 12a2badfe08b09efbbe86052b5938ba9965fad39
- hash: 12fa3f0c96ca52b114448cc5caa73d37af104bff
- hash: 13af3719a7dabcb5b4a694a172a52cb14df19a2d
- hash: 13f4230e8fad87054239f365636c85ff8656236b
- hash: 13fc4426a084e0046cdea50d6fa46af1d532b570
- hash: 15600f4ed3aeed95cdfa3a0722555a4e6c1aade5
- hash: 1751fe471fe83e2ea704f227077ca0fd4b339858
- hash: 177bee8c32779d3df154f52aa60ae32c65abfa53
- hash: 17b464cbf81e074aaed24eb87c02d567f56dcfce
- hash: 18e323f15332a80e13037cf71fc632b4a7c79b27
- hash: 19361ef0716b83d0ae88878fbb29dfaf7e64efbc
- hash: 19fa34ce71349720cd9bda9ca3cb529bc31550c5
- hash: 1a510a951e0fc186b99e313d94ab6ab72a6cd9d0
- hash: 1abffe88070892b714cbd9b52903ede4b7f51301
- hash: 1b15ec68abb696117242013e543bf21c991bbff9
- hash: 1b6704faf237f65c83e1856c1c5f6efa9ec0e9ab
- hash: 1d96e59c100997baa323f34b0584231bac7e5c6b
- hash: 1eb92906219550b13517ff254cc38c81e9cf5f2e
- hash: 1f86a2dd3636c1b3f6754bc8ad760c1154a8eeee
- hash: 1fca43f86a0a4c1697982c4659565b6532d2fecf
- hash: 2095e7fa04d2017a4d03b14b2a4a978c076772e4
- hash: 210204bb7b25cef1a9ebe99f7215f2eeff2e5824
- hash: 21357b8d7070e494770dc1893690cb997f740f64
- hash: 22a00ac7a42f013e2cac82cf4a873dc6b064ae48
- hash: 22d7593d921a31bb662a81a99dab6dcb97af2c57
- hash: 240bf4209c195b352661376736eb37c1848fc866
- hash: 254071afdb95e945a2098fe598ad972edea624a6
- hash: 2548941c5f9b6b9136cc13983bfa7a67cd6ed6ef
- hash: 255d1c45b8c6617da82036d6d2671635b7b5b4e3
- hash: 258baa048dbaa7ca2b6e795eaea231d4ae701afc
- hash: 287a71e7df97b6c1cc10d51a4c18f8a1ce23cba0
- hash: 2a6d6b4fcf5e5b6f23b1c0ec9c5f2dd522aaa787
- hash: 2ad5fdb982e406b6817225f0a4edf30262a8ed3a
- hash: 2c4f2019fc348539c97d75edcedd811e79bf1288
- hash: 2d85a99dccfd2814b3708511dc20039d62dde41a
- hash: 2eaf147ef0a371050f3f1cec559ab9d2862036ae
- hash: 3038d9666d04549cd391e3eb7e6012c5a411ea91
- hash: 308a65f72791b5082369dbc52faa70281b24668b
- hash: 30c772252f31bc9d44dfa430a4476f3a2022e895
- hash: 30fc1482630d145d4bbd966ff1b8a61498694ca3
- hash: 310a7ab4c3fc611e7dd3228b37052a841ff494d6
- hash: 311bd20dc28b1db74b26e9ee6fb0b99fe401ec5a
- hash: 317c491606e651a49db9873aed3a25fe2d7b9d6f
- hash: 31a8730a11fc6cbf1bbdd216d7053949e908c50f
- hash: 320facebe79fcee01094aec1727a0584dd19728c
- hash: 32547a2862896cb2f96ac23284fc5e979f0e2414
- hash: 33a7132f70ace01638b8ee61b68815376e56f005
- hash: 3423b65bb0763ab6f7f739f732d44e014fc38e19
- hash: 34523ccc99f97688db11eac7ede7f998c5998d5b
- hash: 345989a561fbde9bffe1bfbc5866f874fc9db923
- hash: 35187a7ee832909f901a713be277bb636692f422
- hash: 3563ab863a9df12638c628b00c36ca2acee6e547
- hash: 35d1b0e71c952dea1825e5533828d69637b5d30e
- hash: 360e336ab65f10b537f93faac185345ea907e678
- hash: 36817c28b5af8368412e1a64d2f0152a433d2ac4
- hash: 37a6b73233b03a6eee735cb39122f677b783d23f
- hash: 382b2e158f2f6a2efc70513bf8c7879715bf908a
- hash: 389ecdcdc731e939261a597f11026b7ee216c77f
- hash: 398bda76a8948d47b8bee4412bc5464cb08cd62a
- hash: 3ab7860deb3bde7a324c12cbbeb5532442f56709
- hash: 3b7e58ab4a089f530c5d07de8cbdbf28645df51b
- hash: 3c5b060c1a124123a7480cd57d9db98b52a638c3
- hash: 3d5425b61125c257b30d021673cd61132c2b18c9
- hash: 3dc768eeb76b49a2d7064b72adca5822b486285e
- hash: 3f6ad78b44f30e9f61d0a69251e709e5f4a02954
- hash: 401831d474a9597445ace62baa3b656bca97417d
- hash: 403ef6e62c8f8803aae156898a1167f8b9085b53
- hash: 40b9aa9f98dc6073e04a56fd9d3596e4abefc596
- hash: 4223c5eb6d4d8b757e8be054c56417611d47098e
- hash: 4331d9d2fa8eda602d6d03146d04d5afe22e916e
- hash: 47a73e73050a8883ff08568df024cbe3e2d6b639
- hash: 484b9545aa4425d31b9063d84df6754410215198
- hash: 48932e2c66fb9fd103cdd2a4c0bfb77483061511
- hash: 48f74f6af4a5932945b41479c734560ace278999
- hash: 4c1dd52439bc643280124a1987ec0aea9cdfbe06
- hash: 4c65f7bf4974a2892e2867dad270777cc1b1f0e0
- hash: 4c6aaae6c2f7e6b34e72a35f19ba686a6df76660
- hash: 4d07d9859fa20c5f287d699ddbe0ba1762ecf728
- hash: 4dc5ee4c3152541d892944c7599b81c8d6b1afd6
- hash: 4df5a8002dc1f264f5403f4ae8846f5a9de3fa03
- hash: 4e5e70b023b5d8f0983ba69d2fa2788b86df6d54
- hash: 4fd67072517195ee728a17533b065a0e9ad8150b
- hash: 527b3bbcbb86e88a2f51199bc21e12aec19bbb62
- hash: 529a4a783d464070f6b6401bb3baf1535fee345d
- hash: 567c818f028102701b31822817136b8af42f461b
- hash: 5694d8c0c8368ead7cece24e0ae37b754df467de
- hash: 571549715b590510f535fcb3e82920888295bc52
- hash: 576fa07c3562822a92f20954693ad5e10db2375c
- hash: 58cf961afe349338d25ed0eb610310d02a2a1bd3
- hash: 5906e25493da68038fbb9d4325d46e2994d75d64
- hash: 5998c5fad96b4a1b91ae490ad4902680ca15a311
- hash: 59e3b10efec96f31c90a15d0b3cdb3c3a3474ed4
- hash: 5a7b8aa05b0a291b1fbe99d499ccc63b8aa71b79
- hash: 5a87d68716cf9d99ec90835d623559bead2a76d3
- hash: 5acc34cf4df6235952c5dd0c5fefefab27ce5590
- hash: 5b6457cd206d7e5154886a877d5c330ca4d01b4b
- hash: 5b8857a6b61b9525aac325e4b3a79c3244005633
- hash: 5ce815ae8dfdb07fb5ebbc50643410e5f63daa2a
- hash: 5cf876f82760193d2d068f3c5e1a24c7138002b1
- hash: 5d52b179e5fca147958aec81a2b9d321ce5fd60d
- hash: 602a9c12e35b78e0608a163495b5bddb5c2dc0fe
- hash: 60358631cd4fb8b529814623c09524ca8664105a
- hash: 61217d6a1b8d58b28a5bfe811aefeed96fccd446
- hash: 614ddebdf1fd288070c2275c70b989348879feae
- hash: 61a401e669a33cbd38ca717fda0e6bb86665e9bf
- hash: 62092c345d57fe75256d0e2d1d0b694c8bc51bbf
- hash: 62649977353e0dc5701c2f64344f450a12cb7484
- hash: 640376c96617c1845378137b7a1d9cb74928ba20
- hash: 647c831e11d264b78028e422e40d86bd8ce780de
- hash: 64a415ff23f6388ab9c3b9487841303c6bf38ede
- hash: 64ee393bc818f70708524859bc19401ee21b0013
- hash: 659820cbbcc8423a61db462dfe64ca30a9176203
- hash: 66e20f881eb94efdc0958ffb5569741b5fee510b
- hash: 676be89a74e3bebde560fded35dabd0f8e00cd3b
- hash: 67c50e318598acccef483929398d27fecbde3c76
- hash: 68a6d3c07d849ad799f25e2b0c6bc08718d23f99
- hash: 68e74c4250af9845f3c193b74e91124f2888de50
- hash: 6bc7f46b3bdb3021d57782f27028030d95b5ce38
- hash: 6bc95c243a33da1ff9ef09ba518da1ee58e44ff4
- hash: 6c28175816158ec4d2baecffad3deb786ff86581
- hash: 6c88f2f424d0a36cd9d63e399f3985f7d56600a4
- hash: 6d934e3e5ba69ad11c985b7762a4d6c927fb3d98
- hash: 6f3726f245f371b35541eded21a1b0ee113311fb
- hash: 6f6b53f38e2e1880ed82810dc5fce39cdd942155
- hash: 6ff5d0a39979ea1f20f10128cfda5db2efcf78fb
- hash: 711cfa0503a965e901a943798923bd5a181eda67
- hash: 71438f3f4e66f8a8e63a4009b39dfd62ceb1ee99
- hash: 73233bfb4ee82584594ae8388c2201d6ed16eee6
- hash: 741c2c511901178f4c4272fcfcaf00cf00b7c8be
- hash: 74c548516d344a18949b85daa130f312e35bb6ce
- hash: 74de479293d9a47cce99c13f25e15103d40fbd0f
- hash: 7506b6c4d77b1338a5d489a6fae6c0f1f29460ea
- hash: 778f311c19e6cb93ce739b8b64cbdd530355d52e
- hash: 784dac6eae8261e32152f667286dc38e53b1bbcd
- hash: 78f3a5b3d43d9d7037d3819cb338084fe4445539
- hash: 7951f1906b56a4efa93df963fc6d84c4a9704452
- hash: 795f4a1625f49b754da8ecf8ca7ee374d203f435
- hash: 7a1de8b9591a6920f980c7662ff9949642b4d0d4
- hash: 7b61753a2103e7f64318a3e707feb3bbb36d92a1
- hash: 7c1454a3907079182ce7441def94f21e7e3fb554
- hash: 7c613b0a9a0d3a004f567fc90da4ae472f6c736b
- hash: 7c96e8d4e0fbe8acedfc56cd08e2adb66afeeed8
- hash: 7d6141ba73cefa92d86ea24cc8f6699b8035e29e
- hash: 7d7f924bc9eeafea04c11d49a2903ecf84eaebbb
- hash: 7d9b1f7f4f481aba7a6a469a9297b716c62f99be
- hash: 7e65df9d8bc61cc9698c79d5879f4b193cc7dfb1
- hash: 7f82d532cc23945265391d54097f9f480142c161
- hash: 7faed5f3f91d69c9e75b102e43d00cbbfcb2e794
- hash: 8191b7a4f9710e20a270fc07769a7aea5fc194b2
- hash: 82600ebc40dae8ac100e4611738e30d8f99cd352
- hash: 83352fb0f053fad895c79b42ad6d3cf62dd17e06
- hash: 83ddf0bc25c6e88d45704fbc813761fca4179193
- hash: 845a1e93818f8860ece4c9da82884009b159921c
- hash: 852391435a52bb19b5e008d0306e6113f5c178c8
- hash: 85538b42f006e31ce802b5cc5fdb5000ecaf9998
- hash: 87e624c96b4e113bbeddb7c251687d614f70e8c3
- hash: 8820c2a858b73c91eb9567355dba4b6911bb2eed
- hash: 885408eaba607eae0b325332e16597c95105a071
- hash: 88a1b7b4dfe55bfcf33ee73520506596c3b11f05
- hash: 88cfd1228ea1c8a22ced8b103c4e55c284f6225b
- hash: 893f7d22e9e2a9f50ae583522bcace960a706a04
- hash: 8960070bcf368cb548f80756e22170836028897d
- hash: 897513887c92230ff0244cd51cd8f29664df28a5
- hash: 8b547b4d81002e1fea9609e479ca9d960bdaf4fe
- hash: 8b5f31b22ac158f488179c49e718043e6bef25ef
- hash: 8b88d5346ba09eb39b708ef0026790ee015b2fe6
- hash: 8b9873af85a6f4a5ab24d76dd97dc3fa83a53dd6
- hash: 8be68bfc0d8ea36f5a091c8bb3bac0396dbde3de
- hash: 8c9e509a486a243910491fa789ea8897a5b12c09
- hash: 8d33988a9f1c404c757b9bd474a1dc9e632d0882
- hash: 8df342eb91f9a325df8b6224af84019bf6cd1f6a
- hash: 9094b2c603f4ed27c43c5dd43aa88042dd869838
- hash: 90a6096f7c835adcaa6fd55a46d86a39c2d23e04
- hash: 90b442685ac930390102205534b9b15cc25f2d06
- hash: 90f59eaa4385641055b328fd2b0b5ab8d310301f
- hash: 90fb283db12bcd6d4ead5f23b49b660fe060d451
- hash: 91255a47be4f1a3bdee2646d82ca412087708cab
- hash: 91af64987e656a34c42438e8e1bb40cc1b7f4508
- hash: 930719f947239b5ddf61ca30ed5583ace8b95ede
- hash: 932608d1ce4a27c9ee27ff94d68a0b511470eabb
- hash: 933d64001fc0459dae8a0449e08c662c734a6f0b
- hash: 934de881ec1be63301a8fd64ec761cc0a41c2ba5
- hash: 93fe3f8a095b4d4000b95c8eecb029293bf6912f
- hash: 9459764f29b525e068c890663c79ec7ef81e9496
- hash: 953dc4903d8a08f21d0a7cf49f01a1fe9f219434
- hash: 960aab3849afce2f6ab148cfdf8d37cb5e681f69
- hash: 967bcd5cf05a814b9e14895183fe1e00fe06c8fd
- hash: 97dd6150e9390a09ba561bebb719d10cf153b753
- hash: 97df17665971e350f672c908043265ff72c9027d
- hash: 98b48eb833fa7c4efd2e5614ea8eee707d6a0a9f
- hash: 996e65e1b433acace71844e61707068cad2e48dd
- hash: 99883d3c767c292a3c71f7bb0ae8bcd2e558c571
- hash: 9b9a438091a5647e4ceb336fea424a384756183e
- hash: 9c06ae302b7fa55d679857b4f327abb63b4d48d9
- hash: 9d7217be91c6da2de9ebac80aa7f7234071697d4
- hash: 9dd491b1b2faa10419198cadc25d0b30d46acba2
- hash: 9fa8eaa98cd9cb7407f1f368a9f2acd133e1e1d8
- hash: a0aade7704bf7fe660823a61705dfda12734da2e
- hash: a12e996d90f783e67ca0b1a83eea0db2f099d003
- hash: a134cb5a9c3187c7e2419ce5981bc8365cfbb1d7
- hash: a1a3451d41b4d7e46080ed4ead5a2270cf8c434a
- hash: a21ea668986d01115824e61442308842ad4e3352
- hash: a28500d7adbb44e9fb29cb64401077ccfa2725ea
- hash: a28a7b4cd232a7935fdf9495b439a8d54ececbc6
- hash: a33d081002d21fa5105203df68d82df5d1857977
- hash: a3ab92d9dd7c337696d540d29e4ad82c472c3a4f
- hash: a3c6ec9670b239f7f69e41b99adc72f9a8894495
- hash: a4cf109edf9241d35ef736ee01b18b7490b6f52c
- hash: a5e233a8801faec95d35a703c0ca701e95048b35
- hash: a6f0ac3737e30f477d9466aab217e9925f3246ce
- hash: a76e27340d18fa060f0ad2fb6356cdb33c0a517e
- hash: a87cbf0a4cefbce50aa699641df2b61a833bca97
- hash: a92eafa302c3b910196fabc7387ac1bf01df1ad7
- hash: a9990a5a9c470b631522f2d5916446c4bac85ed3
- hash: a99abc7faa2a12bc661af4a75d772068ed26d1a8
- hash: a9af7a973c11192c6656a9a175102beb497051f5
- hash: a9bd726a1c567cbf8be371de175298c2ba10b19b
- hash: ac411d816215ea980a8e0375ec34bbaf9456eed7
- hash: ac9b23db8bac7ce84d507b73628818814a6fe24c
- hash: aea3cb5108e29c7869890012d06a7396a8b29ec3
- hash: af797c0a93b635e0fa17b5d6b08038fa4cd2db16
- hash: b0fec9e0e1855df3f154f021489848087b5f8762
- hash: b146a5c835f456b85f4c4b05003bee82deb2d4b5
- hash: b197cfd9bfbb94ffdf3dc2ac26cfd987ba66ae1c
- hash: b1fb89ed6bd2d5e0f8c1958c080eb47ff2e6c01b
- hash: b582920e855e1e2c6ada833b9bc847fa71b705ec
- hash: b6003fe43666d12f190d51f5279c44c480dd63e6
- hash: b624a8aa11fb92008a5d2833090735311b969877
- hash: b64401062ed84bacab8d6de8d6865d05978cd713
- hash: b6501d1eac8e9e9faa7d54cab6058bdb1072e682
- hash: b65a8f02bcc425e9f43f44c4062e57a7ed0bb4ac
- hash: b745835142c52bfcc17cc7d937fead39a7196eeb
- hash: b7ba4864a1aab4ba632c9c0fe1fcdc2fb0c268c8
- hash: b95d8b582445b8c2b9aa62329fde4ca6ed7fbd0e
- hash: b9693e359149d8d85184f00dea3aadac74aa491f
- hash: ba60d4d997dd7367fa3490d1a39cf40ff2733504
- hash: badf1b89443fc68e1369dd753eaeaac784e9df1b
- hash: bb5d7c3f23e1b5218f7a718f0a627cd0e897f39a
- hash: bb89a120088691e2bd055678ed5c4ccb9a0c924f
- hash: bd839fe0b70def1c8ac7b6f3c9d6e8be16d6ddc0
- hash: c1fe9ce3cd6cacab31a8667294dca65faa0f3329
- hash: c2f0cc5734af74e244ff7ac34ea45387d813a22d
- hash: c30927317377e66447b94ab5fbebb222123cf7e8
- hash: c4a7f650aa3281fbb8c518eeb5254929e00a3651
- hash: c5012da7a0588bf39f4666a83ce43e11f70eb655
- hash: c68054201d511f2135750edaef49958b4587267f
- hash: c6a544ed98b9a84cd45e115248b1ae3af79f075d
- hash: c796d3f742f08fd89f052c9ce0371665ff23cd1c
- hash: c7a9213783333353d635e9949705294bb2662c38
- hash: c7d64660cd39ab9ae3a57cb2c9bbf7a89cf559c7
- hash: c85966a482146b1d3d9e92d2e08d2e4ea8be643b
- hash: c86e40c248604f06e220675de5ea0af17711fc66
- hash: c8ae5c76dc5837e18736678e928357a575a28a9f
- hash: c9011fb8316e2cc639099643d42909aa32f5f85b
- hash: cab67ca4f2051efb640e5b73b5faea6c2b7af4a1
- hash: caf629df8ec99ba641873e887a9d3e17bb2e040c
- hash: cb45e25a49b4cd39f6d769d5c381701619707276
- hash: cb81069ef7b290660f9f640a56cfab33bd5764df
- hash: cc289cc72e44d3863d4d099bc1a597fec17821c2
- hash: cc7371ec3fc1ad9a62cb246e5885f13edf5fdeca
- hash: ccb7989988f61539928bc49637ec5aa76d350cb3
- hash: cd11335d66bed36e237b91ed2bc1b8ac0dc3c560
- hash: cdecc1d75cc5f9f03c7b6c0d96fe0ca1476ee049
- hash: cee131c1972396e0f0b2bd39c49d41a0806e2409
- hash: cefb886c65d58dec552d217bf2e6bbfff900a067
- hash: cfb5b91d5cd26eefa1bec6bf7f281d1f978d9b2f
- hash: d02f0f2ea5c9b1c29e5f6aae4fa0677f99b03cde
- hash: d04365647522fa3f5f4e4279dad1666b442812e2
- hash: d0af49cbe1564999993f78611357780d5ee52f43
- hash: d1c4c5d62cb29b32918227c6def85f4867392919
- hash: d1ebfcb06fbab215f80a7689b99d880270f88cf5
- hash: d36e5dd827d1b316e641a28bd4d1fb74b209d6f4
- hash: d3eaea409b77c9497adbf544563a2abb197f1d95
- hash: d42991857e0d782ce3b8cdc43ee2482e96b5884c
- hash: d43347437dd29a3cae7bc1444a86d3c9cad281ec
- hash: d4c71b45ffe55cb8c83a34af47c768c31c528a89
- hash: d5d59f23fb67853a7636a6798d5fa245733c00bf
- hash: d64d6c775c37bf4c1a19c5ec9354f9caff435eaf
- hash: d7e800c37d67d878149fc7a6fb1569a654f928e5
- hash: d8c0d20a17951f0b8a85c7cf5400d98841e17de6
- hash: d923da975d139aaa665f35b8feacbe6efead4dca
- hash: d93c8c3688745239be212f87df64edb7e2284910
- hash: d9f7f7f88fbc8094b721968d150af696913fa590
- hash: daa020b17b23a7d9f83048a626ea8398bedad195
- hash: db10e35377f42be2016c15ed6caf95295f34aed0
- hash: db4428be64a256f77f82f58237b416ba3ca0f16c
- hash: dc3c63c58f1f1fa2117b1657114b5d7e4c44c850
- hash: dc9758c76a361fe4a17d0cd51c9f8e5510f68cd5
- hash: dc9e84f92048b0aa78e0a17ae69708ee7aeee349
- hash: dcea1fdaa6621072fed6962e3461e18c22f7261d
- hash: ddbf3395f4d584e2a788b15061e85c2d17fb1509
- hash: e0ac565baadd1f2a34b672549029b0fea57fe253
- hash: e1ebff1f43105fc3a3e3b005e16aecd5bf4f67be
- hash: e21082f89587b00ade4af8eaf248989f25b1ddfc
- hash: e210dab82f7709b9a01a2735ca88fdfd81f295d4
- hash: e2635f10661d8d085d803078a900d32f170ddf4b
- hash: e2eb2cbd7a5088de3fba370a9adc9ae08cc6cf1c
- hash: e2f8fddc8c17d4535218231b12626610d69b67aa
- hash: e39aa69f9fb9a072988e045c8b8e69f3adcb8bd2
- hash: e3c0ce021261404a8808ff414013f3fa710fb36d
- hash: e3f52214176578a1b7b45b4f7091692a302402f8
- hash: e3f5f625c96b78c65361d4ce9997eb8fe269c7ba
- hash: e536300e48ce92cf82a153caccfdc5dc98f8a847
- hash: e71913b97f95d0ea503479bb43cd1178b3e33f10
- hash: e7d43606eb9fa18f4996db691f2086541b9bd3f4
- hash: e97cb399689e7d889312955896f6a4e3fc1d092e
- hash: e992e5249e12cc80b8375c079315b1c486a13d90
- hash: ea8bc17d3aca38a1deb1968a16ed64c52f331f54
- hash: eab6be69fbc87987a64474f67c237c728d792a70
- hash: eb901ee6b02a6ce51786241e300a30f82eae6dc5
- hash: ebb9d53e562fdf659ee2f4aeefbc428de15b81c8
- hash: ec45aaf47ec08f52fad9b6ef12f5edcbe4fd192f
- hash: ec85986413119e60684a99f3100c9d481cfdf08c
- hash: ecbdcb3eeb7185ab8ed904fc07bb77a3457b7b67
- hash: ed903aff92a236dc366fad99111280a8370a35df
- hash: edca8792f335b64b6929ef08b5d9bf812cc9ce77
- hash: ee07b0ce5c042c9b01e165a3ae18de80fbf1cd43
- hash: ef42322bb763f24d44c9594c43812aa18c99dfe3
- hash: ef80174f5a81973555605cbf1b9b5082727df347
- hash: f0170c1b821dcbb0daaa8bcdbd794d9e89331e19
- hash: f0e85e8f6eae4967cad566908c6d5dacbbb41f2f
- hash: f131a88cdfc93b2cd3e0731b0b6583a7326f1e19
- hash: f1501a45e6ac7d1e95c8a6ef9f192583b6d91a56
- hash: f1a932205d020c521ea52de4159d5d340cdb7fcc
- hash: f1c163880151c3999cf23c2e39ad228ac71d503d
- hash: f1c23c1e76acbd07591e4708bc2f2768a9f754f2
- hash: f25529f414e59e4e90cc74b7e2f48575205e6d4b
- hash: f2a4f0000a32ce1ef2c1e812770bc7c300ac551b
- hash: f2a9ee21332231fa20238ee0f13fc139266f09f5
- hash: f40fb715a308ccd0b38bafd3fdc537b4e0dbd404
- hash: f563abf96e6839d229feee7fe3f7505e8671252b
- hash: f65a2f9c0276a4cce73cc0b95ebfebd05f2cc973
- hash: f8e63b6947d2032e75964bac2e7072c6da8f72db
- hash: fa3d04c908bf3bf1e36485a8e9d4e901d9e5a57e
- hash: fa5ff4155006cf4baee347b20c448e1f4fbffbfc
- hash: fab6e4df7b80943ae29bb7b4edd003470da6627e
- hash: fadc68277f3ac40f5f85eb4c6b66f0dc282f488d
- hash: fc9809b849ac8827de7268186c125203b48eaabf
- hash: fcb8efa44585cb1108f96b2161005a2a61491ca1
- hash: fd1dd0aee3ccb7fabd751e8a3d3ba99c493391bd
- hash: ffd87620395edb43ae3f51bc7b5852e575627721
Self-replicating Shai-hulud worm spreads token stealing malware on npm
Description
A self-replicating worm named Shai-hulud has been detected on the npm registry, spreading through compromised developer accounts and injecting malicious code into legitimate packages. The worm steals cloud service tokens, primarily targeting npm, GitHub, AWS, and GCP. It also installs Trufflehog to detect additional secrets. The compromised packages include popular ones with millions of weekly downloads. The worm's functionality includes auto-spreading, token theft, and exposing private repositories. Similarities with previous npm compromises have been noted. The impact is significant, affecting numerous developers and organizations across various industries.
AI-Powered Analysis
Technical Analysis
The Shai-hulud worm is a self-replicating malware threat detected within the npm (Node Package Manager) ecosystem. It propagates by compromising developer accounts and injecting malicious code into legitimate npm packages, including some with millions of weekly downloads. Once a package is infected, the worm spreads automatically by modifying other packages, creating a supply chain infection that can rapidly escalate. The worm's primary malicious functionality is to steal cloud service tokens from environments such as npm, GitHub, AWS, and Google Cloud Platform (GCP). These tokens provide attackers with unauthorized access to cloud resources, potentially exposing sensitive data and infrastructure. Additionally, Shai-hulud installs Trufflehog, a tool used to scan repositories for secrets, which helps the worm identify and exfiltrate further credentials and private information. The worm also exposes private repositories, increasing the risk of intellectual property theft and further compromise. The infection vector leverages the trust developers place in open-source packages, making detection and mitigation challenging. Similarities with previous npm supply chain compromises suggest a recurring threat pattern targeting the open-source ecosystem. Although no known exploits are currently reported in the wild, the worm’s ability to self-propagate and steal high-value tokens makes it a significant threat to software supply chains and cloud environments.
Potential Impact
For European organizations, the Shai-hulud worm poses a substantial risk due to the widespread use of npm packages in software development and the reliance on cloud services like AWS, GCP, and GitHub. Compromise of developer accounts and injection of malicious code into widely used packages can lead to large-scale exposure of sensitive data, intellectual property theft, and unauthorized access to cloud infrastructure. This can result in operational disruptions, data breaches, regulatory non-compliance (e.g., GDPR violations), and reputational damage. The worm’s ability to steal tokens and expose private repositories could facilitate further lateral movement within organizational networks and cloud environments, amplifying the impact. Given the interconnected nature of software supply chains, even organizations not directly using the compromised packages may be affected if their dependencies include infected components. The threat is particularly critical for sectors with high cloud adoption and stringent data protection requirements, such as finance, healthcare, and critical infrastructure in Europe.
Mitigation Recommendations
To mitigate the Shai-hulud worm threat, European organizations should implement a multi-layered approach: 1) Enforce strict access controls and multi-factor authentication (MFA) on developer accounts for npm, GitHub, and cloud platforms to reduce the risk of account compromise. 2) Employ automated dependency scanning tools that can detect malicious or unexpected code changes in npm packages before deployment. 3) Use token management best practices, such as short-lived tokens, scoped permissions, and regular token rotation, to limit the impact of stolen credentials. 4) Monitor for unusual activity in cloud environments and repositories, including unexpected package updates or repository access patterns. 5) Integrate secret detection tools like Trufflehog into CI/CD pipelines to identify exposed secrets proactively. 6) Educate developers on secure coding and package management practices, emphasizing the risks of supply chain attacks. 7) Maintain an inventory of third-party dependencies and apply strict vetting processes before incorporating new packages. 8) Collaborate with npm and cloud service providers to report and remediate compromised packages swiftly. These targeted measures go beyond generic advice by focusing on the specific attack vectors and propagation mechanisms of the Shai-hulud worm.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://www.reversinglabs.com/blog/shai-hulud-worm-npm"]
- Adversary
- null
- Pulse Id
- 68c9d89d1c51a61c77ee8581
- Threat Score
- null
Indicators of Compromise
Hash
| Value | Description | Copy |
|---|---|---|
hash003ffad46ad3bca7f00252adee39f8f32345bd43 | — | |
hash0063c7524a71500459a9a66f906ab85146b440df | — | |
hash0072122333af7439c26a1667df5205d4d65af1b2 | — | |
hash0080fa150e875fe5a1c680e79267af73afb5fb95 | — | |
hash0096cf6dd7d10755c76f66189b882b56d2d3bc0b | — | |
hash026e4b7da1f1cee9ad99cb0fd6a1d255fe2b17a3 | — | |
hash03225c19bee852cbc8e60424f8e63914119ce40b | — | |
hash0490214387616c1265447752310136352545831e | — | |
hash05307d8af5bea87f5ec60aaadcdd7be5a0f2e3fd | — | |
hash066b0294e11a90cfcb11dad16f3d5557712c7ebd | — | |
hash06cd5c05d0f744d759daaf47d532093f3f181406 | — | |
hash06db2f70510bd4be0a07f94a6b72892c8aef2cdc | — | |
hash087e06ddade4a3a91292f550173f8470c49b5c36 | — | |
hash0c708c8b4d02903233ce1d3913353e4ab9e33ce9 | — | |
hash0c9b280e183cbf5276dc6b9650ea3fdd93fe2123 | — | |
hash0f2d98464cdaa2211a27977596c0c0652862302a | — | |
hash10788351b07d79534c26ecf23b21448476c38bb9 | — | |
hash10e0c7a70c43192e328efb49b32022386e0153c9 | — | |
hash110a6c4f5d41aee757d77aa19aa9a689ab754cdf | — | |
hash118ef85bd41f226651811314a17fb7ffba1e89fd | — | |
hash120e92669585a501b7676b3d4ca6239dd08c4f85 | — | |
hash12a2badfe08b09efbbe86052b5938ba9965fad39 | — | |
hash12fa3f0c96ca52b114448cc5caa73d37af104bff | — | |
hash13af3719a7dabcb5b4a694a172a52cb14df19a2d | — | |
hash13f4230e8fad87054239f365636c85ff8656236b | — | |
hash13fc4426a084e0046cdea50d6fa46af1d532b570 | — | |
hash15600f4ed3aeed95cdfa3a0722555a4e6c1aade5 | — | |
hash1751fe471fe83e2ea704f227077ca0fd4b339858 | — | |
hash177bee8c32779d3df154f52aa60ae32c65abfa53 | — | |
hash17b464cbf81e074aaed24eb87c02d567f56dcfce | — | |
hash18e323f15332a80e13037cf71fc632b4a7c79b27 | — | |
hash19361ef0716b83d0ae88878fbb29dfaf7e64efbc | — | |
hash19fa34ce71349720cd9bda9ca3cb529bc31550c5 | — | |
hash1a510a951e0fc186b99e313d94ab6ab72a6cd9d0 | — | |
hash1abffe88070892b714cbd9b52903ede4b7f51301 | — | |
hash1b15ec68abb696117242013e543bf21c991bbff9 | — | |
hash1b6704faf237f65c83e1856c1c5f6efa9ec0e9ab | — | |
hash1d96e59c100997baa323f34b0584231bac7e5c6b | — | |
hash1eb92906219550b13517ff254cc38c81e9cf5f2e | — | |
hash1f86a2dd3636c1b3f6754bc8ad760c1154a8eeee | — | |
hash1fca43f86a0a4c1697982c4659565b6532d2fecf | — | |
hash2095e7fa04d2017a4d03b14b2a4a978c076772e4 | — | |
hash210204bb7b25cef1a9ebe99f7215f2eeff2e5824 | — | |
hash21357b8d7070e494770dc1893690cb997f740f64 | — | |
hash22a00ac7a42f013e2cac82cf4a873dc6b064ae48 | — | |
hash22d7593d921a31bb662a81a99dab6dcb97af2c57 | — | |
hash240bf4209c195b352661376736eb37c1848fc866 | — | |
hash254071afdb95e945a2098fe598ad972edea624a6 | — | |
hash2548941c5f9b6b9136cc13983bfa7a67cd6ed6ef | — | |
hash255d1c45b8c6617da82036d6d2671635b7b5b4e3 | — | |
hash258baa048dbaa7ca2b6e795eaea231d4ae701afc | — | |
hash287a71e7df97b6c1cc10d51a4c18f8a1ce23cba0 | — | |
hash2a6d6b4fcf5e5b6f23b1c0ec9c5f2dd522aaa787 | — | |
hash2ad5fdb982e406b6817225f0a4edf30262a8ed3a | — | |
hash2c4f2019fc348539c97d75edcedd811e79bf1288 | — | |
hash2d85a99dccfd2814b3708511dc20039d62dde41a | — | |
hash2eaf147ef0a371050f3f1cec559ab9d2862036ae | — | |
hash3038d9666d04549cd391e3eb7e6012c5a411ea91 | — | |
hash308a65f72791b5082369dbc52faa70281b24668b | — | |
hash30c772252f31bc9d44dfa430a4476f3a2022e895 | — | |
hash30fc1482630d145d4bbd966ff1b8a61498694ca3 | — | |
hash310a7ab4c3fc611e7dd3228b37052a841ff494d6 | — | |
hash311bd20dc28b1db74b26e9ee6fb0b99fe401ec5a | — | |
hash317c491606e651a49db9873aed3a25fe2d7b9d6f | — | |
hash31a8730a11fc6cbf1bbdd216d7053949e908c50f | — | |
hash320facebe79fcee01094aec1727a0584dd19728c | — | |
hash32547a2862896cb2f96ac23284fc5e979f0e2414 | — | |
hash33a7132f70ace01638b8ee61b68815376e56f005 | — | |
hash3423b65bb0763ab6f7f739f732d44e014fc38e19 | — | |
hash34523ccc99f97688db11eac7ede7f998c5998d5b | — | |
hash345989a561fbde9bffe1bfbc5866f874fc9db923 | — | |
hash35187a7ee832909f901a713be277bb636692f422 | — | |
hash3563ab863a9df12638c628b00c36ca2acee6e547 | — | |
hash35d1b0e71c952dea1825e5533828d69637b5d30e | — | |
hash360e336ab65f10b537f93faac185345ea907e678 | — | |
hash36817c28b5af8368412e1a64d2f0152a433d2ac4 | — | |
hash37a6b73233b03a6eee735cb39122f677b783d23f | — | |
hash382b2e158f2f6a2efc70513bf8c7879715bf908a | — | |
hash389ecdcdc731e939261a597f11026b7ee216c77f | — | |
hash398bda76a8948d47b8bee4412bc5464cb08cd62a | — | |
hash3ab7860deb3bde7a324c12cbbeb5532442f56709 | — | |
hash3b7e58ab4a089f530c5d07de8cbdbf28645df51b | — | |
hash3c5b060c1a124123a7480cd57d9db98b52a638c3 | — | |
hash3d5425b61125c257b30d021673cd61132c2b18c9 | — | |
hash3dc768eeb76b49a2d7064b72adca5822b486285e | — | |
hash3f6ad78b44f30e9f61d0a69251e709e5f4a02954 | — | |
hash401831d474a9597445ace62baa3b656bca97417d | — | |
hash403ef6e62c8f8803aae156898a1167f8b9085b53 | — | |
hash40b9aa9f98dc6073e04a56fd9d3596e4abefc596 | — | |
hash4223c5eb6d4d8b757e8be054c56417611d47098e | — | |
hash4331d9d2fa8eda602d6d03146d04d5afe22e916e | — | |
hash47a73e73050a8883ff08568df024cbe3e2d6b639 | — | |
hash484b9545aa4425d31b9063d84df6754410215198 | — | |
hash48932e2c66fb9fd103cdd2a4c0bfb77483061511 | — | |
hash48f74f6af4a5932945b41479c734560ace278999 | — | |
hash4c1dd52439bc643280124a1987ec0aea9cdfbe06 | — | |
hash4c65f7bf4974a2892e2867dad270777cc1b1f0e0 | — | |
hash4c6aaae6c2f7e6b34e72a35f19ba686a6df76660 | — | |
hash4d07d9859fa20c5f287d699ddbe0ba1762ecf728 | — | |
hash4dc5ee4c3152541d892944c7599b81c8d6b1afd6 | — | |
hash4df5a8002dc1f264f5403f4ae8846f5a9de3fa03 | — | |
hash4e5e70b023b5d8f0983ba69d2fa2788b86df6d54 | — | |
hash4fd67072517195ee728a17533b065a0e9ad8150b | — | |
hash527b3bbcbb86e88a2f51199bc21e12aec19bbb62 | — | |
hash529a4a783d464070f6b6401bb3baf1535fee345d | — | |
hash567c818f028102701b31822817136b8af42f461b | — | |
hash5694d8c0c8368ead7cece24e0ae37b754df467de | — | |
hash571549715b590510f535fcb3e82920888295bc52 | — | |
hash576fa07c3562822a92f20954693ad5e10db2375c | — | |
hash58cf961afe349338d25ed0eb610310d02a2a1bd3 | — | |
hash5906e25493da68038fbb9d4325d46e2994d75d64 | — | |
hash5998c5fad96b4a1b91ae490ad4902680ca15a311 | — | |
hash59e3b10efec96f31c90a15d0b3cdb3c3a3474ed4 | — | |
hash5a7b8aa05b0a291b1fbe99d499ccc63b8aa71b79 | — | |
hash5a87d68716cf9d99ec90835d623559bead2a76d3 | — | |
hash5acc34cf4df6235952c5dd0c5fefefab27ce5590 | — | |
hash5b6457cd206d7e5154886a877d5c330ca4d01b4b | — | |
hash5b8857a6b61b9525aac325e4b3a79c3244005633 | — | |
hash5ce815ae8dfdb07fb5ebbc50643410e5f63daa2a | — | |
hash5cf876f82760193d2d068f3c5e1a24c7138002b1 | — | |
hash5d52b179e5fca147958aec81a2b9d321ce5fd60d | — | |
hash602a9c12e35b78e0608a163495b5bddb5c2dc0fe | — | |
hash60358631cd4fb8b529814623c09524ca8664105a | — | |
hash61217d6a1b8d58b28a5bfe811aefeed96fccd446 | — | |
hash614ddebdf1fd288070c2275c70b989348879feae | — | |
hash61a401e669a33cbd38ca717fda0e6bb86665e9bf | — | |
hash62092c345d57fe75256d0e2d1d0b694c8bc51bbf | — | |
hash62649977353e0dc5701c2f64344f450a12cb7484 | — | |
hash640376c96617c1845378137b7a1d9cb74928ba20 | — | |
hash647c831e11d264b78028e422e40d86bd8ce780de | — | |
hash64a415ff23f6388ab9c3b9487841303c6bf38ede | — | |
hash64ee393bc818f70708524859bc19401ee21b0013 | — | |
hash659820cbbcc8423a61db462dfe64ca30a9176203 | — | |
hash66e20f881eb94efdc0958ffb5569741b5fee510b | — | |
hash676be89a74e3bebde560fded35dabd0f8e00cd3b | — | |
hash67c50e318598acccef483929398d27fecbde3c76 | — | |
hash68a6d3c07d849ad799f25e2b0c6bc08718d23f99 | — | |
hash68e74c4250af9845f3c193b74e91124f2888de50 | — | |
hash6bc7f46b3bdb3021d57782f27028030d95b5ce38 | — | |
hash6bc95c243a33da1ff9ef09ba518da1ee58e44ff4 | — | |
hash6c28175816158ec4d2baecffad3deb786ff86581 | — | |
hash6c88f2f424d0a36cd9d63e399f3985f7d56600a4 | — | |
hash6d934e3e5ba69ad11c985b7762a4d6c927fb3d98 | — | |
hash6f3726f245f371b35541eded21a1b0ee113311fb | — | |
hash6f6b53f38e2e1880ed82810dc5fce39cdd942155 | — | |
hash6ff5d0a39979ea1f20f10128cfda5db2efcf78fb | — | |
hash711cfa0503a965e901a943798923bd5a181eda67 | — | |
hash71438f3f4e66f8a8e63a4009b39dfd62ceb1ee99 | — | |
hash73233bfb4ee82584594ae8388c2201d6ed16eee6 | — | |
hash741c2c511901178f4c4272fcfcaf00cf00b7c8be | — | |
hash74c548516d344a18949b85daa130f312e35bb6ce | — | |
hash74de479293d9a47cce99c13f25e15103d40fbd0f | — | |
hash7506b6c4d77b1338a5d489a6fae6c0f1f29460ea | — | |
hash778f311c19e6cb93ce739b8b64cbdd530355d52e | — | |
hash784dac6eae8261e32152f667286dc38e53b1bbcd | — | |
hash78f3a5b3d43d9d7037d3819cb338084fe4445539 | — | |
hash7951f1906b56a4efa93df963fc6d84c4a9704452 | — | |
hash795f4a1625f49b754da8ecf8ca7ee374d203f435 | — | |
hash7a1de8b9591a6920f980c7662ff9949642b4d0d4 | — | |
hash7b61753a2103e7f64318a3e707feb3bbb36d92a1 | — | |
hash7c1454a3907079182ce7441def94f21e7e3fb554 | — | |
hash7c613b0a9a0d3a004f567fc90da4ae472f6c736b | — | |
hash7c96e8d4e0fbe8acedfc56cd08e2adb66afeeed8 | — | |
hash7d6141ba73cefa92d86ea24cc8f6699b8035e29e | — | |
hash7d7f924bc9eeafea04c11d49a2903ecf84eaebbb | — | |
hash7d9b1f7f4f481aba7a6a469a9297b716c62f99be | — | |
hash7e65df9d8bc61cc9698c79d5879f4b193cc7dfb1 | — | |
hash7f82d532cc23945265391d54097f9f480142c161 | — | |
hash7faed5f3f91d69c9e75b102e43d00cbbfcb2e794 | — | |
hash8191b7a4f9710e20a270fc07769a7aea5fc194b2 | — | |
hash82600ebc40dae8ac100e4611738e30d8f99cd352 | — | |
hash83352fb0f053fad895c79b42ad6d3cf62dd17e06 | — | |
hash83ddf0bc25c6e88d45704fbc813761fca4179193 | — | |
hash845a1e93818f8860ece4c9da82884009b159921c | — | |
hash852391435a52bb19b5e008d0306e6113f5c178c8 | — | |
hash85538b42f006e31ce802b5cc5fdb5000ecaf9998 | — | |
hash87e624c96b4e113bbeddb7c251687d614f70e8c3 | — | |
hash8820c2a858b73c91eb9567355dba4b6911bb2eed | — | |
hash885408eaba607eae0b325332e16597c95105a071 | — | |
hash88a1b7b4dfe55bfcf33ee73520506596c3b11f05 | — | |
hash88cfd1228ea1c8a22ced8b103c4e55c284f6225b | — | |
hash893f7d22e9e2a9f50ae583522bcace960a706a04 | — | |
hash8960070bcf368cb548f80756e22170836028897d | — | |
hash897513887c92230ff0244cd51cd8f29664df28a5 | — | |
hash8b547b4d81002e1fea9609e479ca9d960bdaf4fe | — | |
hash8b5f31b22ac158f488179c49e718043e6bef25ef | — | |
hash8b88d5346ba09eb39b708ef0026790ee015b2fe6 | — | |
hash8b9873af85a6f4a5ab24d76dd97dc3fa83a53dd6 | — | |
hash8be68bfc0d8ea36f5a091c8bb3bac0396dbde3de | — | |
hash8c9e509a486a243910491fa789ea8897a5b12c09 | — | |
hash8d33988a9f1c404c757b9bd474a1dc9e632d0882 | — | |
hash8df342eb91f9a325df8b6224af84019bf6cd1f6a | — | |
hash9094b2c603f4ed27c43c5dd43aa88042dd869838 | — | |
hash90a6096f7c835adcaa6fd55a46d86a39c2d23e04 | — | |
hash90b442685ac930390102205534b9b15cc25f2d06 | — | |
hash90f59eaa4385641055b328fd2b0b5ab8d310301f | — | |
hash90fb283db12bcd6d4ead5f23b49b660fe060d451 | — | |
hash91255a47be4f1a3bdee2646d82ca412087708cab | — | |
hash91af64987e656a34c42438e8e1bb40cc1b7f4508 | — | |
hash930719f947239b5ddf61ca30ed5583ace8b95ede | — | |
hash932608d1ce4a27c9ee27ff94d68a0b511470eabb | — | |
hash933d64001fc0459dae8a0449e08c662c734a6f0b | — | |
hash934de881ec1be63301a8fd64ec761cc0a41c2ba5 | — | |
hash93fe3f8a095b4d4000b95c8eecb029293bf6912f | — | |
hash9459764f29b525e068c890663c79ec7ef81e9496 | — | |
hash953dc4903d8a08f21d0a7cf49f01a1fe9f219434 | — | |
hash960aab3849afce2f6ab148cfdf8d37cb5e681f69 | — | |
hash967bcd5cf05a814b9e14895183fe1e00fe06c8fd | — | |
hash97dd6150e9390a09ba561bebb719d10cf153b753 | — | |
hash97df17665971e350f672c908043265ff72c9027d | — | |
hash98b48eb833fa7c4efd2e5614ea8eee707d6a0a9f | — | |
hash996e65e1b433acace71844e61707068cad2e48dd | — | |
hash99883d3c767c292a3c71f7bb0ae8bcd2e558c571 | — | |
hash9b9a438091a5647e4ceb336fea424a384756183e | — | |
hash9c06ae302b7fa55d679857b4f327abb63b4d48d9 | — | |
hash9d7217be91c6da2de9ebac80aa7f7234071697d4 | — | |
hash9dd491b1b2faa10419198cadc25d0b30d46acba2 | — | |
hash9fa8eaa98cd9cb7407f1f368a9f2acd133e1e1d8 | — | |
hasha0aade7704bf7fe660823a61705dfda12734da2e | — | |
hasha12e996d90f783e67ca0b1a83eea0db2f099d003 | — | |
hasha134cb5a9c3187c7e2419ce5981bc8365cfbb1d7 | — | |
hasha1a3451d41b4d7e46080ed4ead5a2270cf8c434a | — | |
hasha21ea668986d01115824e61442308842ad4e3352 | — | |
hasha28500d7adbb44e9fb29cb64401077ccfa2725ea | — | |
hasha28a7b4cd232a7935fdf9495b439a8d54ececbc6 | — | |
hasha33d081002d21fa5105203df68d82df5d1857977 | — | |
hasha3ab92d9dd7c337696d540d29e4ad82c472c3a4f | — | |
hasha3c6ec9670b239f7f69e41b99adc72f9a8894495 | — | |
hasha4cf109edf9241d35ef736ee01b18b7490b6f52c | — | |
hasha5e233a8801faec95d35a703c0ca701e95048b35 | — | |
hasha6f0ac3737e30f477d9466aab217e9925f3246ce | — | |
hasha76e27340d18fa060f0ad2fb6356cdb33c0a517e | — | |
hasha87cbf0a4cefbce50aa699641df2b61a833bca97 | — | |
hasha92eafa302c3b910196fabc7387ac1bf01df1ad7 | — | |
hasha9990a5a9c470b631522f2d5916446c4bac85ed3 | — | |
hasha99abc7faa2a12bc661af4a75d772068ed26d1a8 | — | |
hasha9af7a973c11192c6656a9a175102beb497051f5 | — | |
hasha9bd726a1c567cbf8be371de175298c2ba10b19b | — | |
hashac411d816215ea980a8e0375ec34bbaf9456eed7 | — | |
hashac9b23db8bac7ce84d507b73628818814a6fe24c | — | |
hashaea3cb5108e29c7869890012d06a7396a8b29ec3 | — | |
hashaf797c0a93b635e0fa17b5d6b08038fa4cd2db16 | — | |
hashb0fec9e0e1855df3f154f021489848087b5f8762 | — | |
hashb146a5c835f456b85f4c4b05003bee82deb2d4b5 | — | |
hashb197cfd9bfbb94ffdf3dc2ac26cfd987ba66ae1c | — | |
hashb1fb89ed6bd2d5e0f8c1958c080eb47ff2e6c01b | — | |
hashb582920e855e1e2c6ada833b9bc847fa71b705ec | — | |
hashb6003fe43666d12f190d51f5279c44c480dd63e6 | — | |
hashb624a8aa11fb92008a5d2833090735311b969877 | — | |
hashb64401062ed84bacab8d6de8d6865d05978cd713 | — | |
hashb6501d1eac8e9e9faa7d54cab6058bdb1072e682 | — | |
hashb65a8f02bcc425e9f43f44c4062e57a7ed0bb4ac | — | |
hashb745835142c52bfcc17cc7d937fead39a7196eeb | — | |
hashb7ba4864a1aab4ba632c9c0fe1fcdc2fb0c268c8 | — | |
hashb95d8b582445b8c2b9aa62329fde4ca6ed7fbd0e | — | |
hashb9693e359149d8d85184f00dea3aadac74aa491f | — | |
hashba60d4d997dd7367fa3490d1a39cf40ff2733504 | — | |
hashbadf1b89443fc68e1369dd753eaeaac784e9df1b | — | |
hashbb5d7c3f23e1b5218f7a718f0a627cd0e897f39a | — | |
hashbb89a120088691e2bd055678ed5c4ccb9a0c924f | — | |
hashbd839fe0b70def1c8ac7b6f3c9d6e8be16d6ddc0 | — | |
hashc1fe9ce3cd6cacab31a8667294dca65faa0f3329 | — | |
hashc2f0cc5734af74e244ff7ac34ea45387d813a22d | — | |
hashc30927317377e66447b94ab5fbebb222123cf7e8 | — | |
hashc4a7f650aa3281fbb8c518eeb5254929e00a3651 | — | |
hashc5012da7a0588bf39f4666a83ce43e11f70eb655 | — | |
hashc68054201d511f2135750edaef49958b4587267f | — | |
hashc6a544ed98b9a84cd45e115248b1ae3af79f075d | — | |
hashc796d3f742f08fd89f052c9ce0371665ff23cd1c | — | |
hashc7a9213783333353d635e9949705294bb2662c38 | — | |
hashc7d64660cd39ab9ae3a57cb2c9bbf7a89cf559c7 | — | |
hashc85966a482146b1d3d9e92d2e08d2e4ea8be643b | — | |
hashc86e40c248604f06e220675de5ea0af17711fc66 | — | |
hashc8ae5c76dc5837e18736678e928357a575a28a9f | — | |
hashc9011fb8316e2cc639099643d42909aa32f5f85b | — | |
hashcab67ca4f2051efb640e5b73b5faea6c2b7af4a1 | — | |
hashcaf629df8ec99ba641873e887a9d3e17bb2e040c | — | |
hashcb45e25a49b4cd39f6d769d5c381701619707276 | — | |
hashcb81069ef7b290660f9f640a56cfab33bd5764df | — | |
hashcc289cc72e44d3863d4d099bc1a597fec17821c2 | — | |
hashcc7371ec3fc1ad9a62cb246e5885f13edf5fdeca | — | |
hashccb7989988f61539928bc49637ec5aa76d350cb3 | — | |
hashcd11335d66bed36e237b91ed2bc1b8ac0dc3c560 | — | |
hashcdecc1d75cc5f9f03c7b6c0d96fe0ca1476ee049 | — | |
hashcee131c1972396e0f0b2bd39c49d41a0806e2409 | — | |
hashcefb886c65d58dec552d217bf2e6bbfff900a067 | — | |
hashcfb5b91d5cd26eefa1bec6bf7f281d1f978d9b2f | — | |
hashd02f0f2ea5c9b1c29e5f6aae4fa0677f99b03cde | — | |
hashd04365647522fa3f5f4e4279dad1666b442812e2 | — | |
hashd0af49cbe1564999993f78611357780d5ee52f43 | — | |
hashd1c4c5d62cb29b32918227c6def85f4867392919 | — | |
hashd1ebfcb06fbab215f80a7689b99d880270f88cf5 | — | |
hashd36e5dd827d1b316e641a28bd4d1fb74b209d6f4 | — | |
hashd3eaea409b77c9497adbf544563a2abb197f1d95 | — | |
hashd42991857e0d782ce3b8cdc43ee2482e96b5884c | — | |
hashd43347437dd29a3cae7bc1444a86d3c9cad281ec | — | |
hashd4c71b45ffe55cb8c83a34af47c768c31c528a89 | — | |
hashd5d59f23fb67853a7636a6798d5fa245733c00bf | — | |
hashd64d6c775c37bf4c1a19c5ec9354f9caff435eaf | — | |
hashd7e800c37d67d878149fc7a6fb1569a654f928e5 | — | |
hashd8c0d20a17951f0b8a85c7cf5400d98841e17de6 | — | |
hashd923da975d139aaa665f35b8feacbe6efead4dca | — | |
hashd93c8c3688745239be212f87df64edb7e2284910 | — | |
hashd9f7f7f88fbc8094b721968d150af696913fa590 | — | |
hashdaa020b17b23a7d9f83048a626ea8398bedad195 | — | |
hashdb10e35377f42be2016c15ed6caf95295f34aed0 | — | |
hashdb4428be64a256f77f82f58237b416ba3ca0f16c | — | |
hashdc3c63c58f1f1fa2117b1657114b5d7e4c44c850 | — | |
hashdc9758c76a361fe4a17d0cd51c9f8e5510f68cd5 | — | |
hashdc9e84f92048b0aa78e0a17ae69708ee7aeee349 | — | |
hashdcea1fdaa6621072fed6962e3461e18c22f7261d | — | |
hashddbf3395f4d584e2a788b15061e85c2d17fb1509 | — | |
hashe0ac565baadd1f2a34b672549029b0fea57fe253 | — | |
hashe1ebff1f43105fc3a3e3b005e16aecd5bf4f67be | — | |
hashe21082f89587b00ade4af8eaf248989f25b1ddfc | — | |
hashe210dab82f7709b9a01a2735ca88fdfd81f295d4 | — | |
hashe2635f10661d8d085d803078a900d32f170ddf4b | — | |
hashe2eb2cbd7a5088de3fba370a9adc9ae08cc6cf1c | — | |
hashe2f8fddc8c17d4535218231b12626610d69b67aa | — | |
hashe39aa69f9fb9a072988e045c8b8e69f3adcb8bd2 | — | |
hashe3c0ce021261404a8808ff414013f3fa710fb36d | — | |
hashe3f52214176578a1b7b45b4f7091692a302402f8 | — | |
hashe3f5f625c96b78c65361d4ce9997eb8fe269c7ba | — | |
hashe536300e48ce92cf82a153caccfdc5dc98f8a847 | — | |
hashe71913b97f95d0ea503479bb43cd1178b3e33f10 | — | |
hashe7d43606eb9fa18f4996db691f2086541b9bd3f4 | — | |
hashe97cb399689e7d889312955896f6a4e3fc1d092e | — | |
hashe992e5249e12cc80b8375c079315b1c486a13d90 | — | |
hashea8bc17d3aca38a1deb1968a16ed64c52f331f54 | — | |
hasheab6be69fbc87987a64474f67c237c728d792a70 | — | |
hasheb901ee6b02a6ce51786241e300a30f82eae6dc5 | — | |
hashebb9d53e562fdf659ee2f4aeefbc428de15b81c8 | — | |
hashec45aaf47ec08f52fad9b6ef12f5edcbe4fd192f | — | |
hashec85986413119e60684a99f3100c9d481cfdf08c | — | |
hashecbdcb3eeb7185ab8ed904fc07bb77a3457b7b67 | — | |
hashed903aff92a236dc366fad99111280a8370a35df | — | |
hashedca8792f335b64b6929ef08b5d9bf812cc9ce77 | — | |
hashee07b0ce5c042c9b01e165a3ae18de80fbf1cd43 | — | |
hashef42322bb763f24d44c9594c43812aa18c99dfe3 | — | |
hashef80174f5a81973555605cbf1b9b5082727df347 | — | |
hashf0170c1b821dcbb0daaa8bcdbd794d9e89331e19 | — | |
hashf0e85e8f6eae4967cad566908c6d5dacbbb41f2f | — | |
hashf131a88cdfc93b2cd3e0731b0b6583a7326f1e19 | — | |
hashf1501a45e6ac7d1e95c8a6ef9f192583b6d91a56 | — | |
hashf1a932205d020c521ea52de4159d5d340cdb7fcc | — | |
hashf1c163880151c3999cf23c2e39ad228ac71d503d | — | |
hashf1c23c1e76acbd07591e4708bc2f2768a9f754f2 | — | |
hashf25529f414e59e4e90cc74b7e2f48575205e6d4b | — | |
hashf2a4f0000a32ce1ef2c1e812770bc7c300ac551b | — | |
hashf2a9ee21332231fa20238ee0f13fc139266f09f5 | — | |
hashf40fb715a308ccd0b38bafd3fdc537b4e0dbd404 | — | |
hashf563abf96e6839d229feee7fe3f7505e8671252b | — | |
hashf65a2f9c0276a4cce73cc0b95ebfebd05f2cc973 | — | |
hashf8e63b6947d2032e75964bac2e7072c6da8f72db | — | |
hashfa3d04c908bf3bf1e36485a8e9d4e901d9e5a57e | — | |
hashfa5ff4155006cf4baee347b20c448e1f4fbffbfc | — | |
hashfab6e4df7b80943ae29bb7b4edd003470da6627e | — | |
hashfadc68277f3ac40f5f85eb4c6b66f0dc282f488d | — | |
hashfc9809b849ac8827de7268186c125203b48eaabf | — | |
hashfcb8efa44585cb1108f96b2161005a2a61491ca1 | — | |
hashfd1dd0aee3ccb7fabd751e8a3d3ba99c493391bd | — | |
hashffd87620395edb43ae3f51bc7b5852e575627721 | — |
Threat ID: 68ca9a856f90669b55758b38
Added to database: 9/17/2025, 11:24:53 AM
Last enriched: 9/17/2025, 11:25:34 AM
Last updated: 9/18/2025, 10:43:55 PM
Views: 13
Related Threats
ThreatFox IOCs for 2025-09-18
MediumFake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer
MediumMalicious PyPI Packages Deliver SilentSync RAT
Medium"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack
MediumThreatFox IOCs for 2025-09-17
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.