ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash ee3e4dd5c1e073b8805f4107ccc7bc7e6e3c209fe13ea04ff3f2173c8dbe74a6.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1768049
IOC: ee3e4dd5c1e073b8805f4107ccc7bc7e6e3c209fe13ea04ff3f2173c8dbe74a6
IOC Type :sha256_hash
Threat Type :payload
Malware: GlassWorm
Confidence Level : Confidence level is high (100%)
Is compromised? : False
First seen:2026-03-16 20:32:17 UTC
Last seen:never
UUID:c2ec0add-213a-11f1-9af6-42010aa4000a
Reporter tipo_deincognito
Reward 5 credits from ThreatFox
Tags:glassworm native-addon npm-archive
Reference: https://codeberg.org/tip-o-deincognito/glassworm-writeup

Avatar
tipo_deincognito
GlassWorm Wave 3 decrypted native addons from npm archive. Chrome sideloader (w.node), DumpBrowserSecrets (c_x64.node), macOS sideloader (m), VS Code reader (f_ex86.node), browser detector (data), key generators (index_ia32/x64).