{
  "actor_id": "unknown",
  "attack_annotations": [
    {
      "comment": "Malicious npm package used as the initial supply-chain distribution point.",
      "name": "Compromise Software Supply Chain: Compromise Software Dependencies and Development Tools",
      "tactic": "Initial Access",
      "technique_id": "T1195.002"
    },
    {
      "comment": "npm postinstall JavaScript behavior inferred from the npm package context and OX technical analysis.",
      "name": "Command and Scripting Interpreter: JavaScript",
      "tactic": "Execution",
      "technique_id": "T1059.007"
    },
    {
      "comment": "The package reads files from /mnt/user-data.",
      "name": "Data from Local System",
      "tactic": "Collection",
      "technique_id": "T1005"
    },
    {
      "comment": "The package uploads files to an actor-controlled GitHub repository through the GitHub Contents API.",
      "name": "Exfiltration Over Web Service: Exfiltration to Code Repository",
      "tactic": "Exfiltration",
      "technique_id": "T1567.001"
    }
  ],
  "chain": [
    {
      "entity_id": "e001",
      "review_notes": "Public package registry used as the trusted distribution point.",
      "role": "entry",
      "role_confidence": "confirmed",
      "technique_confidence": "confirmed",
      "techniques": [
        "IIM-T006"
      ]
    },
    {
      "entity_id": "e002",
      "review_notes": "Payload behavior happens during npm post-installation; endpoint behavior itself is mostly ATT&CK, but the payload is required to connect entry to GitHub API C2.",
      "role": "payload",
      "role_confidence": "confirmed",
      "technique_confidence": "confirmed",
      "techniques": []
    },
    {
      "entity_id": "e003",
      "review_notes": "Victim-side collection path, retained so the public chain shows what is being exfiltrated.",
      "role": "staging",
      "role_confidence": "confirmed",
      "technique_confidence": "confirmed",
      "techniques": []
    },
    {
      "entity_id": "e004",
      "review_notes": "GitHub is the trusted platform used to hold the attacker-controlled repository and exfiltrated content.",
      "role": "redirector",
      "role_confidence": "confirmed",
      "technique_confidence": "confirmed",
      "techniques": [
        "IIM-T006"
      ]
    },
    {
      "entity_id": "e005",
      "review_notes": "GitHub Contents API is the application API used as the exfiltration/C2 channel.",
      "role": "c2",
      "role_confidence": "confirmed",
      "technique_confidence": "confirmed",
      "techniques": [
        "IIM-T018",
        "IIM-T006"
      ]
    },
    {
      "entity_id": "e006",
      "review_notes": "Remote repository path holding uploaded stolen files; exact path not published.",
      "role": "c2",
      "role_confidence": "confirmed",
      "technique_confidence": "confirmed",
      "techniques": [
        "IIM-T018",
        "IIM-T006"
      ]
    },
    {
      "entity_id": "e007",
      "review_notes": "Credential material used by the payload to access the GitHub API; value omitted.",
      "role": "staging",
      "role_confidence": "confirmed",
      "technique_confidence": "confirmed",
      "techniques": []
    },
    {
      "entity_id": "e008",
      "review_notes": "Diagnostic-looking decoy artifact; useful for story/context, not a core infrastructure node.",
      "role": "staging",
      "role_confidence": "likely",
      "technique_confidence": "confirmed",
      "techniques": []
    }
  ],
  "chain_id": "ox.2026.malware-slop-npm-github-exfil",
  "confidence": "confirmed",
  "description": "IIM chain for the OX Security report published on 2026-05-27 about the malicious npm package mouse5212-super-formatter. The package presents itself as an internal archive deployment sync utility, but during post-installation it authenticates to GitHub using either a victim environment token or a hardcoded fallback token, checks or creates an actor-controlled repository, recursively walks the local /mnt/user-data directory, and uploads collected files through the GitHub Contents API. OX observed around seven active exfiltration sessions in the actor repository before takedown and reported 676 downloads at time of publication. The exact actor account, repository name, hardcoded token value, and package tarball hashes were not published in the text; those are intentionally not invented here.",
  "entities": [
    {
      "evidence": [
        "OX Security identifies mouse5212-super-formatter as a malicious npm package acting as an infostealer.",
        "OX Security lists the affected package name as mouse5212-super-formatter and affected versions as All.",
        "OX Security states the malware reached 676 downloads and was still live on npm at time of publication.",
        "The npm package is the public supply-chain entry point; the package page is referenced by OX, but this chain uses the OX report as the verified source of record."
      ],
      "id": "e001",
      "observed_at": "2026-05-27T00:00:00Z",
      "source": "OX Security: Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token (2026-05-27)",
      "type": "url",
      "value": "https://www.npmjs.com/package/mouse5212-super-formatter",
      "x_affected_versions": "All",
      "x_ecosystem": "npm",
      "x_exact_iocs_published": true,
      "x_package_name": "mouse5212-super-formatter",
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "evidence": [
        "OX Security states that in the post-installation stage the malware authenticates to GitHub and uploads files.",
        "OX Security states the script presents itself as an internal archive deployment sync utility that validates or initializes a GitHub repository.",
        "OX Security states the script captures a lightweight network status snapshot and performs a structured synchronization of local workspace files into a remote tracking tree.",
        "OX Security states the wording in comments and commit messages is intentionally bland/technical to reduce suspicion."
      ],
      "id": "e002",
      "observed_at": "2026-05-27T00:00:00Z",
      "source": "OX Security: Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token (2026-05-27)",
      "type": "file",
      "value": "npm postinstall script disguised as archive deployment sync utility",
      "x_exact_filename_published": false,
      "x_execution_stage": "postinstall",
      "x_modeling_note": "The article describes the post-installation script behavior but does not publish a stable script filename or hash in text.",
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "evidence": [
        "OX Security states the malicious package reads and uploads files from /mnt/user-data.",
        "OX Security recommends checking for sensitive files in /mnt/user-data and treating them as compromised if the package was installed.",
        "OX Security states the malware recursively walks a local directory before uploading files through the GitHub Contents API."
      ],
      "id": "e003",
      "observed_at": "2026-05-27T00:00:00Z",
      "source": "OX Security: Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token (2026-05-27)",
      "type": "file",
      "value": "/mnt/user-data",
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/",
      "x_role_note": "Victim-side collection path included to preserve the file-source context for the exfiltration chain."
    },
    {
      "evidence": [
        "OX Security states the malware uses GitHub for the remote destination and repository creation/check/upload flow.",
        "OX Security states the threat actor GitHub repository contained around seven active exfiltration sessions before takedown.",
        "OX Security states the threat actor GitHub account was deleted after the attack."
      ],
      "id": "e004",
      "observed_at": "2026-05-27T00:00:00Z",
      "source": "OX Security: Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token (2026-05-27)",
      "type": "domain",
      "value": "github.com",
      "x_exact_actor_account_published_in_text": false,
      "x_modeling_note": "The text does not publish the actor account/repository name; screenshots may contain visual details, but this chain does not infer from image-only content.",
      "x_platform": "GitHub",
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "evidence": [
        "OX Security states there is a GitHub-API-based request wrapper used for create/check/upload operations.",
        "OX Security states the malware authenticates to GitHub, checks whether a target repository exists, creates it if needed, and recursively uploads every file through the GitHub Contents API.",
        "OX Security states stolen files are stored under a random per-run folder name to separate multiple theft sessions."
      ],
      "id": "e005",
      "observed_at": "2026-05-27T00:00:00Z",
      "source": "OX Security: Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token (2026-05-27)",
      "type": "url",
      "value": "https://api.github.com/repos/<actor-controlled-account>/<target-repository>/contents/<random-per-run-folder>/",
      "x_api_family": "GitHub Contents API",
      "x_exact_ioc_published": false,
      "x_modeling_note": "This is a normalized infrastructure pattern derived directly from the report text, not a published concrete URL IOC.",
      "x_placeholder_fields": [
        "actor-controlled-account",
        "target-repository",
        "random-per-run-folder"
      ],
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "evidence": [
        "OX Security states stolen files are stored under a random per-run folder name in the remote repository.",
        "OX Security states the exfiltration primitive uses base64 encoding.",
        "OX Security observed around seven active exfiltration sessions in the actor repository before it was taken down."
      ],
      "id": "e006",
      "observed_at": "2026-05-27T00:00:00Z",
      "source": "OX Security: Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token (2026-05-27)",
      "type": "file",
      "value": "random per-run folder containing base64-encoded uploaded files",
      "x_exact_folder_names_published_in_text": false,
      "x_modeling_note": "Modeled as the remote storage object created inside the attacker-controlled GitHub repository.",
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "evidence": [
        "OX Security states the malware authenticates to GitHub using an environment token or a hardcoded fallback token.",
        "OX Security states the malicious npm package leaked its own GitHub private token, which helped researchers trace the exfiltration.",
        "OX Security recommends revoking GitHub access tokens if the malicious package was installed."
      ],
      "id": "e007",
      "observed_at": "2026-05-27T00:00:00Z",
      "source": "OX Security: Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token (2026-05-27)",
      "type": "file",
      "value": "hardcoded fallback GitHub token / victim environment GitHub token",
      "x_modeling_note": "Credential artifact included for chain clarity. The token value is intentionally not included.",
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/",
      "x_secret_value_published_in_chain": false
    },
    {
      "evidence": [
        "OX Security states the malware writes a fake network connections log to make execution look like diagnostics rather than theft.",
        "OX Security states comments and commit messages use bland technical wording to reduce suspicion."
      ],
      "id": "e008",
      "observed_at": "2026-05-27T00:00:00Z",
      "source": "OX Security: Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token (2026-05-27)",
      "type": "file",
      "value": "fake network connections diagnostics log",
      "x_modeling_note": "Included as a deception artifact that helps explain the staging behavior; not a network IOC.",
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    }
  ],
  "iim_version": "1.1",
  "import_source": "manual-osint-report-to-iim-conversion",
  "needs_review": false,
  "observed_at": "2026-05-27T00:00:00Z",
  "relations": [
    {
      "confidence": "confirmed",
      "from": "e001",
      "observed_at": "2026-05-27T00:00:00Z",
      "sequence_order": 1,
      "to": "e002",
      "type": "execute",
      "x_evidence": [
        "OX Security states the behavior occurs in the post-installation stage of the malicious npm package.",
        "Affected package: mouse5212-super-formatter, all versions."
      ],
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "confidence": "confirmed",
      "from": "e002",
      "observed_at": "2026-05-27T00:00:00Z",
      "sequence_order": 2,
      "to": "e007",
      "type": "references",
      "x_evidence": [
        "OX Security states the malware authenticates to GitHub using an environment token or a hardcoded fallback token.",
        "OX Security states the package leaked its own GitHub private token."
      ],
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "confidence": "confirmed",
      "from": "e002",
      "observed_at": "2026-05-27T00:00:00Z",
      "sequence_order": 3,
      "to": "e003",
      "type": "references",
      "x_evidence": [
        "OX Security states the package reads and uploads files from /mnt/user-data.",
        "OX Security states the malware recursively walks a local directory."
      ],
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "confidence": "confirmed",
      "from": "e002",
      "observed_at": "2026-05-27T00:00:00Z",
      "sequence_order": 4,
      "to": "e008",
      "type": "drops",
      "x_evidence": [
        "OX Security states the malware writes a fake network connections log to make execution look like diagnostics rather than theft."
      ],
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "confidence": "confirmed",
      "from": "e002",
      "observed_at": "2026-05-27T00:00:00Z",
      "sequence_order": 5,
      "to": "e004",
      "type": "connect",
      "x_evidence": [
        "OX Security states the malware authenticates to GitHub during post-installation.",
        "OX Security states the actor repository received active exfiltration sessions before takedown."
      ],
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "confidence": "confirmed",
      "from": "e004",
      "observed_at": "2026-05-27T00:00:00Z",
      "sequence_order": 6,
      "to": "e005",
      "type": "communicates-with",
      "x_evidence": [
        "OX Security states there is a GitHub API request wrapper used for create/check/upload.",
        "OX Security states the malware checks whether a target repository exists, creates it if needed, then uploads files through the GitHub Contents API."
      ],
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    },
    {
      "confidence": "confirmed",
      "from": "e005",
      "observed_at": "2026-05-27T00:00:00Z",
      "sequence_order": 7,
      "to": "e006",
      "type": "drops",
      "x_evidence": [
        "OX Security states stolen files are stored under a random per-run folder name.",
        "OX Security states the exfiltration primitive uses base64 encoding."
      ],
      "x_reference_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
    }
  ],
  "title": "Malware-Slop npm package to GitHub Contents API exfiltration chain",
  "x_modeling_scope": {
    "excluded_or_not_invented": [
      "exact actor GitHub account name",
      "exact actor repository name",
      "hardcoded private token value",
      "package tarball hash",
      "concrete uploaded file names from victims",
      "details visible only in screenshots unless also supported by report text"
    ],
    "included": [
      "npm package as public supply-chain entry point",
      "postinstall payload behavior required to connect package to remote infrastructure",
      "GitHub trusted-platform exfiltration channel",
      "GitHub Contents API create/check/upload flow",
      "remote random per-run folder used to separate exfiltration sessions"
    ]
  },
  "x_publication_status": {
    "analyst_note": "Good public Malwarebox/IIM feed candidate: shows how trusted developer infrastructure can become both entry and exfiltration infrastructure without requiring attacker-owned domains.",
    "public_feed_ready": true,
    "share_enabled_recommendation": true,
    "tlp": "clear"
  },
  "x_source_title": "Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token",
  "x_source_url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/",
  "x_source_report": {
    "authors": [
      "Moshe Siman Tov Bustan",
      "Nir Zadok"
    ],
    "published": "2026-05-27",
    "publisher": "OX Security",
    "title": "Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token",
    "url": "https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/"
  }
}