MAL-2021-3
Vulnerability from ossf_malicious_packages
Published
2021-12-24 00:00
Modified
2023-09-01 20:12
Summary
Malicious code in digital-marketing-client (npm)
Details
-= Per source details. Do not edit below this line.=-
Source: checkmarx (902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05)
Malicious packages campaign since 2021 targeting developers, steals source code and secrets
Credits
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "digital-marketing-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "SEMVER"
}
]
}
],
"credits": [
{
"contact": [
"supplychainsecurity@checkmarx.com",
"https://bit.ly/checkmarx-malicious-packages"
],
"name": "Checkmarx",
"type": "FINDER"
}
],
"database_specific": {
"iocs": {
"domains": [
"6wxd3v84nevku06dcgbqcxrmt.canarytokens.com",
"fhg62xavat9jzyt6euwxi6sro.canarytokens.com",
"1wy3rk316x8qqy4fyxtvcs4kkbq2es2h.oastify.com",
"288utkkrohmp0nr8znflcp88nztrhg.oastify.com",
"bq5m9lnmalh9ktyi9wydockt9kfb32rr.oastify.com",
"c7kxnys58daceezcxx0jjstn6ec50vok.oastify.com",
"cczk46g2vtc0000k68dgggx31deyyyyyb.oast.fun",
"cfrg38n2vtc0000h72xgg8hebweyyyyyb.oast.fun",
"cfswk0m2vtc0000myvg0g8h6jocyyyyyb.oast.fun",
"cfytrzv2vtc00002v400geytd6yyyyyyn.oast.fun",
"ck0r1hp2vtc00007c0zggjocy3ryyyyyb.oast.fun",
"ho94479k12fy3mdiwjvzvvo09rfh36.oastify.com",
"l2g8zu5qwvsj5bewhvvxusdpp.canarytokens.com",
"u3yjt7ui4aa5egu44kdrpys1psvjj97y.oastify.com",
"u61eou88vswlvti2yihx8ktyrpxfl4.oastify.com",
"unld4fepiyjq4ywsrj7mmpaz3q9hx9ly.oastify.com",
"uzx39o3nimx3qp8s14uu6kfjhan1brzg.oastify.com",
"yhj0choyrutnbvpcjuesxpph58bzztni.oastify.com",
"cup1qnm56sdo4bdv.b.requestbin.net",
"4or5o5yn5lqzenk4.b.requestbin.net",
"bind9-or-callback-server.com",
"efrva6.dnslog.cn",
"eozpdddh3tifjo.m.pipedream.net",
"marcomayo.com",
"nirobtest.xyz",
"npmtesttut.com"
],
"ips": [
"178.128.27.205",
"185.62.56.25",
"185.62.57.60",
"198.199.83.132",
"5.9.104.19",
"51.250.2.204",
"65.21.108.160"
]
},
"malicious-packages-origins": [
{
"import_time": "2023-09-04T09:11:41.814663071Z",
"modified_time": "2023-09-01T20:12:58Z",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"sha256": "902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05",
"source": "checkmarx"
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: checkmarx (902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05)\nMalicious packages campaign since 2021 targeting developers, steals source code and secrets\n",
"id": "MAL-2021-3",
"modified": "2023-09-01T20:12:58Z",
"published": "2021-12-24T00:00:00Z",
"references": [
{
"type": "ARTICLE",
"url": "https://medium.com/checkmarx-security/an-ongoing-open-source-attack-reveals-roots-dating-back-to-2021-4a511979fd98"
}
],
"schema_version": "1.5.0",
"summary": "Malicious code in digital-marketing-client (npm)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…