Indicator of Compromise
High
URL
Active
Value
https://y-hazel-ten.vercel.app/api
Association
BeaverTail
Tags
base64-obfuscated-c2
BeaverTail
ContagiousInterview
DPRK
env-exfiltration
function-eval
jackpot
Lazarus
Novara1o1
npm-prepare-hook
Web3-targeting
Description
botnet_cc
First Seen
April 29, 2026 11:37
Last Seen
Unknown
Created
April 29, 2026 14:27
Last Updated
April 29, 2026 14:27
Additional Metadata
{'anonymous': '0',
'confidence_level': 100,
'crawled_at': '2026-04-29T14:27:44.860625+00:00',
'malware': 'js.beavertail',
'malware_alias': None,
'malware_printable': 'BeaverTail',
'original_value': None,
'reference': 'https://github.com/Novara1o1/jackpot',
'reporter': 'o_zehentleitner',
'source': 'threatfox-abuse-ch',
'tags': ['base64-obfuscated-c2',
'BeaverTail',
'ContagiousInterview',
'DPRK',
'env-exfiltration',
'function-eval',
'jackpot',
'Lazarus',
'Novara1o1',
'npm-prepare-hook',
'Web3-targeting'],
'threat_type': 'botnet_cc',
'threatfox_id': '1802065'}STIX Data
{'description': 'botnet_cc',
'external_references': [{'external_id': '1802065',
'source_name': 'threatfox-abuse-ch',
'url': 'https://threatfox.abuse.ch/ioc/1802065/'}],
'id': 'indicator--1802065',
'name': 'URL: https://y-hazel-ten.vercel.app/api',
'pattern': "[URL:value = 'https://y-hazel-ten.vercel.app/api']",
'pattern_type': 'stix',
'pattern_version': '2.1',
'type': 'indicator',
'valid_from': '2026-04-29 11:37:12',
'valid_until': None}