| Type | Value | Description | Source Case | Severity |
|---|---|---|---|---|
| Package | eslint-config-prettier (npm) | Compromised package | CASE-2025-0720 | critical | |
| Package | eslint-plugin-prettier (npm) | Compromised package | CASE-2025-0720 | critical | |
| Package | snyckit (npm) | Compromised package | CASE-2025-0720 | critical | |
| File | node-gyp.dll | Malicious loader DLL | CASE-2025-0720 | critical | |
| File | install.js | Initial execution script | CASE-2025-0720 | critical | |
| Hash | c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441 | Loader DLL SHA256 | CASE-2025-0720 | critical | |
| Hash | 877f40dda3d7998abda1f65364f50efb3b3aebef9020685f57f1ce292914feae | Related sample | CASE-2025-0720 | critical | |
| Hash | 9ec86514d5993782d455a4c9717ec4f06d0dfcd556e8de6cf0f8346b8b8629d4 | Related sample | CASE-2025-0720 | critical | |
| Hash | 0254abb7ce025ac844429589e0fec98a84ccefae38e8e9807203438e2f387950 | Related sample | CASE-2025-0720 | critical | |
| Hash | c3536b736c26cd5464c6f53ce8343d3fe540eb699abd05f496dcd3b8b47c5134 | Sloppy variant with PDB path | CASE-2025-0720 | critical | |
| URL | datahog.su | C2 domain | CASE-2025-0720 | critical | |
| URL | datacrab-analytics.com | C2 domain | CASE-2025-0720 | critical | |
| URL | datalytica.su | C2 domain | CASE-2025-0720 | critical | |
| URL | smartscreen-api.com | C2 domain | CASE-2025-0720 | critical | |
| URL | dieorsuffer.com | C2 domain | CASE-2025-0720 | critical | |
| URL | firebase.su | C2 domain | CASE-2025-0720 | critical | |
| IP | 64.94.84.85 | C2 server | CASE-2024-0815 | critical | |
| IP | 49.12.69.80 | C2 server | CASE-2024-0815 | critical | |
| IP | 96.62.214.11 | C2 server | CASE-2024-0815 | critical | |
| File | socks.dll | Original DLL name | CASE-2024-0815 | critical | |
| Hash | 61f8224108602eb1f74cb525731c9937c2ffd9a7654cb0257624507c0fdb5610 | Supper backdoor sample | CASE-2024-0815 | critical | |
| IP | 103.230.121.124 | XWorm C2 server | CASE-2024-0714 | low | |
| File | Chrome.exe | Fake Chrome malware (XWorm variant) | CASE-2024-0714 | low | |
| Hash | b8d1c0436023bf58ea7b0f530ea37ae67bac0e956d9c93376702b4832055e0fd | SHA256 of Phantom X.exe | CASE-2024-0610 | medium | |
| File | Phantom X.exe | Distributed stealer binary | CASE-2024-0610 | medium | |
| Hash | 94237eac80fd2a20880180cab19b94e8760f0d1f06715ff42a6f60aef84f4adf | SHA256 of Velocity.exe | CASE-2024-0522 | medium | |
| Hash | 8073f87f61f0625f1ec5ecc24c1c686e | MD5 of Velocity.exe | CASE-2024-0522 | medium | |
| File | Velocity.exe | PyInstaller-packed stealer | CASE-2024-0522 | medium | |
| File | blank.aes | Encrypted payload stage | CASE-2024-0522 | medium |