TLP:WHITE13 IOCs

Threat Intelligence | Analysis of the node-ipc Supply Chain Compromise and Poisoning Attack

SlowMist

Published May 16, 2026Original Report

Diamond Model

Adversary

Infrastructure(3)

Capability

Victim

Initial AccessTA0001·T1195

1/7

Supply Chain Compromise

ActionCompromise legitimate package

An attacker gained control of the legitimate node-ipc package on npm and published malicious versions.

Analysis unavailable

Type	Indicator	Confidence	Score	First Seen
SHA1	fe5d107b9d285327af579259a32977c4f475fa26 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA1	58ae7338960ef525d7c655023d7c81e3ddb283d6 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	96097e0612d9575cb133021017fb1a5c68a03b60f9f3d24ebdc0e628d9034144 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	c2f4dc64aec4631540a568e88932b61daebbfb7e8281b812fa01b7215f9be9ea file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA1	ab7388363936bf527afd4173b5728c7cdbdd01ab file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	449e4265979b5fdb2d3446c021af437e815debd66de7da2fe54f1ad93cbcc75e file-hashindicatorintel-blog	Medium	53	Jun 2, 26
CVE	CVE-2022-23812 exfiltrationexploitintel-blog	Medium	51	Jun 2, 26
MD5	d1ba0419cb5e5de91b9b58e87b8322e1 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	78a82d93b4f580835f5823b85a3d9ee1f03a15ee6f0e01b4eac86252a7002981 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA1	f5970a9774a22a863728b960543f68e7009099ef file-hashindicatorintel-blog	Medium	53	Jun 2, 26
IP	37.16.75.69 c2exploitintel-blog	High	58	Jun 2, 26
URL	https://sh.azurestaticprovider.net:443 intel-blognetworkurl	High	58	Jun 2, 26
Domain	sh.azurestaticprovider.net intel-blogmalwarenetwork	High	58	Jun 2, 26

IOC Relationship Graph13 total IOCs

SHA1SHA256CVEMD5IPURLDomain

scroll to zoom · drag to pan · click IOC to open