TLP:WHITE
15 IOCs
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
Diamond Model: Adversary (2), Infrastructure (5), Capability (2), Victim
Indicators of Compromise