indicatorsha256
e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 4
Posts referencing this indicator
- Intelligence Center
setup[.]js - Malicious post-install script that initiates the payload download.
- Elastic releases detections for the Axios supply chain compromise
Hash of setup.js, the Node.js first-stage dropper.
- North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
SILKBELL setup.js dropper script
- Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
setup.js RAT dropper executed via plain-crypto-js postinstall payload