IOC Radar
SHA256 · Medium · Signal 29/100

18e8742fb6fb5e70c0c91823d72f5d9074be1d1cba1cbfc0eca75b5427e544da

First Seen: Apr 17, 2026 (60d ago)
Last Seen: Apr 24, 2026 (53d ago)
Reports: 2 source reports
Confidence: 29% (medium)
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 29%
Signal Score: 29 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

9 techniques

Feed Intelligence Summary

2 source reports · 29% confidence score
Category tags
ai companies, behavioral, binary, capital firms, chain attack, file-hash, indicator, iocs, linux binary, luxury brands, main package, malware, network, npm packages, npm security, open source security, package security, researched, stardrop supply, t1036, t1036.005, t1074.001, t1082, t1105, t1195.001, t1528, t1552.001, t1552.005, targets venture, threat intelligence, windows binary, yara

Activity Timeline

1 total obs · Apr 24

Threat Activity Heatmap

Peak: 2026-04-24
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk (signal 29)

VirusTotal

Not checked

description
The Stardrop threat campaign is a significant supply chain attack that targets AI companies, venture capital firms, and luxury brands through malicious packages distributed via the Node Package Manager (NPM). Analysts have tracked the deployment of over 200 malicious packages purporting to provide an AI coding tool named Stardrop. The package names resemble well-known AI and developer tools as well as luxury brands. The malicious payloads exploit official elements, hiding their real intent in optional dependencies, which led to a broader impact despite NPM's rapid response in removing the packages from its registry.
references
IOCs.2026.csv, https://opensourcemalware.com/blog/stardrop-attack
