MAL-2023-8007

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@rocketrefer/admin-panel/MAL-2023-8007.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2023-8007
Published
2023-07-31T00:00:00Z
Modified
2024-10-24T01:01:55Z
Summary
Malicious code in @rocketrefer/admin-panel (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: checkmarx (cee4d7f564848bd4bb2a8a410f60f22ce1bce642072b14a97281130483c8c1a9)

Malicious packages campaign since 2021 targeting developers, steals source code and secrets

Database specific 
{
    "iocs": {
        "ips": [
            "178.128.27.205",
            "185.62.56.25",
            "185.62.57.60",
            "198.199.83.132",
            "5.9.104.19",
            "51.250.2.204",
            "65.21.108.160"
        ],
        "domains": [
            "6wxd3v84nevku06dcgbqcxrmt.canarytokens.com",
            "fhg62xavat9jzyt6euwxi6sro.canarytokens.com",
            "1wy3rk316x8qqy4fyxtvcs4kkbq2es2h.oastify.com",
            "288utkkrohmp0nr8znflcp88nztrhg.oastify.com",
            "bq5m9lnmalh9ktyi9wydockt9kfb32rr.oastify.com",
            "c7kxnys58daceezcxx0jjstn6ec50vok.oastify.com",
            "cczk46g2vtc0000k68dgggx31deyyyyyb.oast.fun",
            "cfrg38n2vtc0000h72xgg8hebweyyyyyb.oast.fun",
            "cfswk0m2vtc0000myvg0g8h6jocyyyyyb.oast.fun",
            "cfytrzv2vtc00002v400geytd6yyyyyyn.oast.fun",
            "ck0r1hp2vtc00007c0zggjocy3ryyyyyb.oast.fun",
            "ho94479k12fy3mdiwjvzvvo09rfh36.oastify.com",
            "l2g8zu5qwvsj5bewhvvxusdpp.canarytokens.com",
            "u3yjt7ui4aa5egu44kdrpys1psvjj97y.oastify.com",
            "u61eou88vswlvti2yihx8ktyrpxfl4.oastify.com",
            "unld4fepiyjq4ywsrj7mmpaz3q9hx9ly.oastify.com",
            "uzx39o3nimx3qp8s14uu6kfjhan1brzg.oastify.com",
            "yhj0choyrutnbvpcjuesxpph58bzztni.oastify.com",
            "cup1qnm56sdo4bdv.b.requestbin.net",
            "4or5o5yn5lqzenk4.b.requestbin.net",
            "bind9-or-callback-server.com",
            "efrva6.dnslog.cn",
            "eozpdddh3tifjo.m.pipedream.net",
            "marcomayo.com",
            "nirobtest.xyz",
            "npmtesttut.com"
        ]
    },
    "malicious-packages-origins": [
        {
            "import_time": "2023-09-04T09:11:41.784280599Z",
            "modified_time": "2023-09-01T20:12:58Z",
            "source": "checkmarx",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "SEMVER"
                }
            ],
            "sha256": "cee4d7f564848bd4bb2a8a410f60f22ce1bce642072b14a97281130483c8c1a9"
        },
        {
            "import_time": "2024-07-02T00:26:36.74265Z",
            "modified_time": "2024-06-25T12:22:20Z",
            "versions": [
                "1.9.9",
                "1.8.2",
                "1.8.9",
                "2.9.9"
            ],
            "id": "RLMA-2024-00193",
            "sha256": "c54804af8ed0bc65c878e45821a6dbecda16413e911fab1e1f3a40fd6b7e26c5",
            "source": "reversing-labs"
        },
        {
            "import_time": "2024-10-24T00:49:26.440589598Z",
            "modified_time": "2024-06-25T12:22:20Z",
            "versions": [
                "1.9.9",
                "1.8.2",
                "1.8.9",
                "2.9.9"
            ],
            "id": "RLMA-2024-00193",
            "sha256": "6d6a16c9b214c6faa90e96d9ebd1e9af6e1742618eb00215bc0c57cc793c8496",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

npm / @rocketrefer/admin-panel

Package

Name
@rocketrefer/admin-panel
View open source insights on deps.dev
Purl
pkg:npm/%40rocketrefer/admin-panel

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.2
1.8.9
1.9.9

2.*

2.9.9