Indicator of Compromise
High
File Hash (SHA256)
Active
Value
cc9e443872d99b07e4bf5f6baa6144fbe0fd24bc610e58340d9b8c755df17fce
Association
BeaverTail
Tags
base64-obfuscated-c2
BeaverTail
ContagiousInterview
DPRK
env-exfiltration
function-eval
jackpot
Lazarus
Novara1o1
npm-prepare-hook
Web3-targeting
Description
payload
First Seen
April 29, 2026 11:37
Last Seen
Unknown
Created
April 29, 2026 14:27
Last Updated
April 29, 2026 14:27
Additional Metadata
{'anonymous': '0',
'confidence_level': 100,
'crawled_at': '2026-04-29T14:27:44.860625+00:00',
'malware': 'js.beavertail',
'malware_alias': None,
'malware_printable': 'BeaverTail',
'original_value': None,
'reference': 'https://github.com/Novara1o1/jackpot',
'reporter': 'o_zehentleitner',
'source': 'threatfox-abuse-ch',
'tags': ['base64-obfuscated-c2',
'BeaverTail',
'ContagiousInterview',
'DPRK',
'env-exfiltration',
'function-eval',
'jackpot',
'Lazarus',
'Novara1o1',
'npm-prepare-hook',
'Web3-targeting'],
'threat_type': 'payload',
'threatfox_id': '1802066'}STIX Data
{'description': 'payload',
'external_references': [{'external_id': '1802066',
'source_name': 'threatfox-abuse-ch',
'url': 'https://threatfox.abuse.ch/ioc/1802066/'}],
'id': 'indicator--1802066',
'name': 'FILE_HASH_SHA256: '
'cc9e443872d99b07e4bf5f6baa6144fbe0fd24bc610e58340d9b8c755df17fce',
'pattern': '[FILE_HASH_SHA256:value = '
"'cc9e443872d99b07e4bf5f6baa6144fbe0fd24bc610e58340d9b8c755df17fce']",
'pattern_type': 'stix',
'pattern_version': '2.1',
'type': 'indicator',
'valid_from': '2026-04-29 11:37:12',
'valid_until': None}