MAL-2023-1148
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cptalertbox/MAL-2023-1148.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2023-1148
- Aliases
-
- SNYK-JS-CPTALERTBOX-5876605
- Published
- 2023-05-29T00:00:00Z
- Modified
- 2024-06-28T03:14:33.099792Z
- Summary
- Malicious code in cptalertbox (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: checkmarx (88c1f10ff1d7a9b89a479bd30b9548a7adc533c677f7913c88563b08e9d28814)
Malicious packages campaign since 2021 targeting developers, steals source code and secrets
Source: ossf-package-analysis (6335c6dc85309d9e802aa0989e277e329a7e87887f9ddba2aeb7db0ebc1772f2)
The OpenSSF Package Analysis project identified 'cptalertbox' @ 71.999.0 (npm) as malicious.
It is considered malicious because: - The package executes one or more commands associated with malicious behavior.
- Database specific
{ "iocs": { "ips": [ "178.128.27.205", "185.62.56.25", "185.62.57.60", "198.199.83.132", "5.9.104.19", "51.250.2.204", "65.21.108.160" ], "domains": [ "6wxd3v84nevku06dcgbqcxrmt.canarytokens.com", "fhg62xavat9jzyt6euwxi6sro.canarytokens.com", "1wy3rk316x8qqy4fyxtvcs4kkbq2es2h.oastify.com", "288utkkrohmp0nr8znflcp88nztrhg.oastify.com", "bq5m9lnmalh9ktyi9wydockt9kfb32rr.oastify.com", "c7kxnys58daceezcxx0jjstn6ec50vok.oastify.com", "cczk46g2vtc0000k68dgggx31deyyyyyb.oast.fun", "cfrg38n2vtc0000h72xgg8hebweyyyyyb.oast.fun", "cfswk0m2vtc0000myvg0g8h6jocyyyyyb.oast.fun", "cfytrzv2vtc00002v400geytd6yyyyyyn.oast.fun", "ck0r1hp2vtc00007c0zggjocy3ryyyyyb.oast.fun", "ho94479k12fy3mdiwjvzvvo09rfh36.oastify.com", "l2g8zu5qwvsj5bewhvvxusdpp.canarytokens.com", "u3yjt7ui4aa5egu44kdrpys1psvjj97y.oastify.com", "u61eou88vswlvti2yihx8ktyrpxfl4.oastify.com", "unld4fepiyjq4ywsrj7mmpaz3q9hx9ly.oastify.com", "uzx39o3nimx3qp8s14uu6kfjhan1brzg.oastify.com", "yhj0choyrutnbvpcjuesxpph58bzztni.oastify.com", "cup1qnm56sdo4bdv.b.requestbin.net", "4or5o5yn5lqzenk4.b.requestbin.net", "bind9-or-callback-server.com", "efrva6.dnslog.cn", "eozpdddh3tifjo.m.pipedream.net", "marcomayo.com", "nirobtest.xyz", "npmtesttut.com" ] }, "malicious-packages-origins": [ { "import_time": "2023-08-10T06:17:18.535277012Z", "source": "ossf-package-analysis", "modified_time": "2023-05-29T11:07:17.020062066Z", "versions": [ "71.999.0" ], "sha256": "6335c6dc85309d9e802aa0989e277e329a7e87887f9ddba2aeb7db0ebc1772f2" }, { "import_time": "2023-09-04T09:11:41.802547358Z", "source": "checkmarx", "modified_time": "2023-09-01T20:12:58Z", "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" } ] } ], "sha256": "88c1f10ff1d7a9b89a479bd30b9548a7adc533c677f7913c88563b08e9d28814" }, { "import_time": "2024-06-28T02:42:29.91772069Z", "id": "RLMA-2024-00641", "modified_time": "2024-06-25T12:34:27Z", "versions": [ "62.0.0", "71.999.0", "61.0.0" ], "source": "reversing-labs", "sha256": "96dbe1e6f4940c9b3a3e33e03828cdd29222dd6ee763674b66b60f953ee3e339" } ] }- References
- Credits
-
-
- Checkmarx - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
npm / cptalertbox
Package
- Name
- cptalertbox
- View open source insights on deps.dev
- Purl
- pkg:npm/cptalertbox