THREAT OPS › Threat News › North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
<div class="block-paragraph_advanced"><p>Written by: Austin Larsen, Dima Lenz, Adrian Hernandez, Tyler McLellan, Christopher Gardner, Ashley Zaya, Michael Rudden, Mon Liclican, Muhammad Umair</p> <hr /></div> <div class="block-paragraph_advanced"><h3><span style="vertical-align: baseline;">Introduction</span><strong style="vertical-align: baseline;"> </strong></h3> <p><span style="vertical-align:
MITRE ATT&CK techniques
Indicators of compromise
- e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09sha256
- c5adea0fa8aac14e6aabd8d3d4a1d19e4cd0eb76e679f2e9d3fed2a3170c09bbsha256
- fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cfsha256
- 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645asha256
- 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101sha256
- ed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815csha256
- f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cdsha256
- 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668sha256
- 04e3073b3cd5c5bfcde6f575ecf6e8c1md5
- 089e2872016f75a5223b5e02c184dfecmd5
- 7658962ae060a222c0058cd4e979bfa1md5
- https://www.npmjs.com/package/axiosurl
- http://sfrclak.com:8000/6202033url
- https://wiz.iourl
- https://deps.dev/url
- https://www.virustotal.com/gui/collection/c5adea0fa8aac14e6aabd8d3d4a1d19e4cd0eb76e679f2e9d3fed2a3170c09bb/summaryurl
- http://sfrclak.com:8000url
- https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attackurl
- ifstap@proton.meemail
- 142.11.206.73ipv4
- 23.254.167.216ipv4
- packages.npm.orgdomain