otx.alienvault.com
13.32.121.87
Public Scan
URL:
https://otx.alienvault.com/pulse/64355cc23117d2f24ba942f2
Submission: On April 11 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
ANALYSIS OF THE FIRST NUGET (.NET) MALICIOUS PACKAGE ATTACK
Created 1 hour ago by AlienVault
Public
TLP: White

Detailed analysis of a malicious payload “Impala Stealer”, a custom crypto stealer which was used as the payload for a NuGet malicious packages campaign.

Reference: https://jfrog.com/blog/impala-stealer-malicious-nuget-package-payload/
Tags: exodus, impala stealer, nuget, discord, javascript code, powershell
Malware Families: Exodus Wallet, Impala
Att&ck IDs:
* T1055 - Process Injection
* T1195 - Supply Chain Compromise
* T1070 - Indicator Removal on Host
* T1547 - Boot or Logon Autostart Execution
* T1218 - Signed Binary Proxy Execution
* T1102 - Web Service
* T1104 - Multi-Stage Channels
* T1059 - Command and Scripting Interpreter

Indicators of Compromise (2)
Related Pulses (6), Comments (0), History (0)

TYPES OF INDICATORS
Hostname (2)

type      indicator            Added                      related Pulses
hostname  manage.carasel.net   Apr 11, 2023, 1:12:35 PM   2
hostname  anarchy.wrapper.net  Apr 11, 2023, 1:12:35 PM   6

SHOWING 1 TO 2 OF 2 ENTRIES

© Copyright 2023 AlienVault, Inc.