tabby-1.0.234-portable-arm64.zip

ZIP

SUSPICIOUS

Mal-ecule

Size 159.2 MB download

First seen 23 days ago

Analyzed 7 days ago

Ecosystem vendor

Source github.com

Objectives

command-and-control/backdoor/dispatch Profile exfiltration with remote execution

supply-chain/recon-exfil npm supply chain attack with CI/CD targeting

anti-analysis/self-modify TS reads own script

anti-analysis/vm-detect Node VM vendor string set

anti-static/obfuscation Generic PEB+PE walk with multiplicative hash resolver (x64)

anti-static/obfuscation/encoding Encoded file download pattern

anti-static/obfuscation/eval Generic Function constructor usage

anti-static/obfuscation/string Python rolling-key XOR loop

command-and-control/backdoor/tasking JS execSync command call

command-and-control/trigger JS import-time / first-touch C2 hook installation

evasion/hijack-execution-flow Node hidden module inject

impact/wipe QNX Node process kill loop

lateral-movement/brute-force SSH authentication methods

supply-chain/hidden-payload Executes npm owner add command

supply-chain/install-hook Node writes npm preinstall hook

supply-chain/install-hook/scripts npm install with --save flag from code

supply-chain/recon-exfil/oast Node encodes host profile JSON as base64

communications/http/url Encoded URL targets .php endpoint

process/control NtSuspendProcess and NtResumeProcess runtime resolution

binary Metasploit related PDB path

20 of 370 traits shown

Source	forager
Feed	tabby
Ecosystem	vendor
Domain	tabby.sh
URL	https://github.com/Eugeny/tabby/releases/download/v1.0.234/tabby-1.0.234-portable-arm64.zip

Not seeing what you expected? Let us know