IOC Radar
TLP:WHITE · 2 IOCs

Threat Intelligence | TrapDoor Analysis: A Cross-Ecosystem Supply Chain Credential Theft Operation

SlowMist
Published May 28, 2026

Diamond Model

Adversary: unknown
Infrastructure (2): https://ddjidd564.git… , https://ddjidd564.git…
Capability: unknown
Victim: unknown

Attack Flow
6 steps · MITRE ATT&CK mapped

Step 1/6: Initial Access · TA0001 · T1195
Compromise Software Supply Chain
Action: Publish malicious packages
Malicious packages were published across npm, PyPI, and Crates.io ecosystems, disguised as legitimate tools.

Indicators of Compromise (2)

| Type | Indicator | Tags | Confidence | Score | First Seen |
|------|-----------|------|------------|-------|------------|
| URL | https://ddjidd564.github.io/defi-security-best-practices/config.json | exfiltration, intel-blog, malware | High | 58 | Jun 2, 26 |
| URL | https://ddjidd564.github.io/defi-security-best-practices/priority_targets.json | intel-blog, network, url | High | 58 | Jun 2, 26 |
