ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash e2a8ecd85261dc9b3d2a0d435721f7b8fe3c3bcd846567afeaca77fcf9de2e9e.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1768057
IOC: e2a8ecd85261dc9b3d2a0d435721f7b8fe3c3bcd846567afeaca77fcf9de2e9e
IOC Type :sha256_hash
Threat Type :payload
Malware: GlassWorm
Confidence Level : Confidence level is high (100%)
Is compromised? : False
First seen:2026-03-16 20:32:14 UTC
Last seen:never
UUID:e146a9d2-213a-11f1-9af6-42010aa4000a
Reporter tipo_deincognito
Reward 5 credits from ThreatFox
Tags:encrypted glassworm npm-archive
Reference: https://codeberg.org/tip-o-deincognito/glassworm-writeup

Avatar
tipo_deincognito
GlassWorm Wave 3 AES-128-CBC encrypted native addons from npm archive (pre-decryption). Encrypted w.node, c_x64.node, f_ex86.node, m, data, index_ia32.node, index_x64.node.