{
  "name": "Persistent npm Campaign Shipping Trojanized jQuery",
  "slug": "persistent-npm-campaign-shipping-trojanized-jquery",
  "description": "The report describes a persistent supply chain attack in which a trojanized version of jQuery is distributed through platforms such as npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled by the attackers. The attack stands out for its high variability across packages, including unique exfiltration URLs and usernames, as well as the inclusion of personal files in the published packages. This variability suggests a manual approach rather than an automated one. The report highlights the potential for widespread impact and demonstrates the increasing complexity of supply chain threats.",
  "published": "2024-07-10T07:36:24+00:00",
  "created_at": "2024-07-10T07:36:24+00:00",
  "modified_at": "2024-07-10T08:02:40+00:00",
  "created_at_opencti": "2024-07-10T07:36:24+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-10",
    "exfiltration",
    "github",
    "malware",
    "npm",
    "supply-chain"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "https://systems-alexhost.xyz"
      },
      {
        "id": "",
        "name": "https://system-alexhosting.biz.id"
      },
      {
        "id": "",
        "name": "https://saystem.ditzzultimate.xyz"
      },
      {
        "id": "",
        "name": "https://qxue.biz.id"
      },
      {
        "id": "",
        "name": "https://pukil.dannew.biz.id"
      },
      {
        "id": "",
        "name": "https://project.systemgoods.me"
      },
      {
        "id": "",
        "name": "https://pokemon.denii.biz.id"
      },
      {
        "id": "",
        "name": "https://patipride.icikipoxx.pw"
      },
      {
        "id": "",
        "name": "https://paneljs.hanznesia.my.id"
      },
      {
        "id": "",
        "name": "https://paneljs.dimashost.xyz"
      },
      {
        "id": "",
        "name": "https://panel.api-bo.my.id"
      },
      {
        "id": "",
        "name": "https://panel-host.dmdpanel.my.id"
      },
      {
        "id": "",
        "name": "https://panel-host.clannesia.com"
      },
      {
        "id": "",
        "name": "https://ns.api-system.engineer"
      },
      {
        "id": "",
        "name": "https://nd.api-system.engineer"
      },
      {
        "id": "",
        "name": "https://log.systems-alexhost.xyz"
      },
      {
        "id": "",
        "name": "https://log.api-system.engineer"
      },
      {
        "id": "",
        "name": "https://irisainginbos.icikipoxx.pw"
      },
      {
        "id": "",
        "name": "https://danu.eventtss.my.id"
      },
      {
        "id": "",
        "name": "https://cssimage.dimashost.xyz"
      },
      {
        "id": "",
        "name": "https://apiweb.eventtss.my.id"
      },
      {
        "id": "",
        "name": "https://api.newrxl.online"
      },
      {
        "id": "",
        "name": "https://apii.fukaes.ninja"
      },
      {
        "id": "",
        "name": "https://api.jstyy.xyz"
      },
      {
        "id": "",
        "name": "https://api.iimg.my.id"
      },
      {
        "id": "",
        "name": "https://api.codatuys.biz.id"
      },
      {
        "id": "",
        "name": "https://api-web-vrip.hanznesia.my.id"
      },
      {
        "id": "",
        "name": "https://api-system.engineer"
      },
      {
        "id": "",
        "name": "https://api-bo.my.id"
      },
      {
        "id": "",
        "name": "https://anti-spam.truex.biz.id"
      },
      {
        "id": "",
        "name": "https://ajax.failexpect.biz.id"
      },
      {
        "id": "",
        "name": "http://truex.biz.id/halo/?cat="
      },
      {
        "id": "",
        "name": "http://apii-pandawara.ganznesia.my.id"
      },
      {
        "id": "",
        "name": "saystem.ditzzultimate.xyz"
      },
      {
        "id": "",
        "name": "pukil.dannew.biz.id"
      },
      {
        "id": "",
        "name": "project.systemgoods.me"
      },
      {
        "id": "",
        "name": "pokemon.denii.biz.id"
      },
      {
        "id": "",
        "name": "paneljs.hanznesia.my.id"
      },
      {
        "id": "",
        "name": "patipride.icikipoxx.pw"
      },
      {
        "id": "",
        "name": "paneljs.dimashost.xyz"
      },
      {
        "id": "",
        "name": "panel.api-bo.my.id"
      },
      {
        "id": "",
        "name": "panel-host.dmdpanel.my.id"
      },
      {
        "id": "",
        "name": "panel-host.clannesia.com"
      },
      {
        "id": "",
        "name": "irisainginbos.icikipoxx.pw"
      },
      {
        "id": "",
        "name": "log.systems-alexhost.xyz"
      },
      {
        "id": "",
        "name": "danu.eventtss.my.id"
      },
      {
        "id": "",
        "name": "cssimage.dimashost.xyz"
      },
      {
        "id": "",
        "name": "apiweb.eventtss.my.id"
      },
      {
        "id": "",
        "name": "apii.fukaes.ninja"
      },
      {
        "id": "",
        "name": "api.newrxl.online"
      },
      {
        "id": "",
        "name": "apii-pandawara.ganznesia.my.id"
      },
      {
        "id": "",
        "name": "api.jstyy.xyz"
      },
      {
        "id": "",
        "name": "api.codatuys.biz.id"
      },
      {
        "id": "",
        "name": "api.iimg.my.id"
      },
      {
        "id": "",
        "name": "api-web-vrip.hanznesia.my.id"
      },
      {
        "id": "",
        "name": "anti-spam.truex.biz.id"
      },
      {
        "id": "",
        "name": "ajax.failexpect.biz.id"
      },
      {
        "id": "",
        "name": "truex.biz.id"
      },
      {
        "id": "",
        "name": "systems-alexhost.xyz"
      },
      {
        "id": "",
        "name": "system-alexhosting.biz.id"
      },
      {
        "id": "",
        "name": "qxue.biz.id"
      },
      {
        "id": "",
        "name": "api-bo.my.id"
      },
      {
        "id": "",
        "name": "ns.api-system.engineer"
      },
      {
        "id": "",
        "name": "nd.api-system.engineer"
      },
      {
        "id": "",
        "name": "log.api-system.engineer"
      },
      {
        "id": "",
        "name": "termux.properties"
      },
      {
        "id": "",
        "name": "api-system.engineer"
      }
    ],
    "attack_patterns": [
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "804630c7-dda3-49df-9ac4-70bd1ad83e06",
        "name": "T1192"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "358e04b8-6f65-48b2-a24b-f101bfc6671a",
        "name": "T1195"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/",
    "https://otx.alienvault.com/pulse/668e56193194da7c0afb3c8c"
  ]
}