ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a.

Database Entry


IOC ID: 1667150
IOC: a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a
IOC Type: sha256_hash
Threat Type: payload
Malware: Shai-Hulud
Confidence Level: Confidence level is high (95%)
Is compromised?: False
First seen: 2025-12-04 06:09:49 UTC
Last seen: never
UUID: 0cf30783-d099-11f0-a341-42010aa4000a
Reporter: duggusa
Reward: 5 credits from ThreatFox
Tags: credential-theft, dugganusa, npm, shai-hulud-v2, supply-chain, Worm
Reference: https://analytics.dugganusa.com/api/v1/stix-feed

duggusa
Shai-Hulud V2: npm supply chain worm. Spreads via preinstall hooks (setup_bun.js). Persistence: ~/.dev-env/. Uses TruffleHog for credential harvesting. Compromised 700+ packages, 27k+ repos. MITRE: T1195.001, T1547.001, T1552.001.