The "W4SP stealer" is malware that steals personal information, security credentials, and valuable files from its victims; it has been spread through trojanized packages published to PyPI. The group behind W4SP has repeatedly used it to attack the open-source software supply chain, causing considerable economic damage and personal harm to developers. The attacks are ongoing.
By aggregating the public data trails of known threat actors, we have mapped an exceptionally granular topology of the W4SP network and its associated threat space:
Below is a node graph in which each data object is tagged with a scalar that we assume correlates with the risk of malicious activity (the tag is an assumption, not a verified measurement). The results roughly cluster around "plague.fun", "misogyny.wtf", and "zerotwo-best-waifu.online", and branch out to smaller nodes from there.
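To make the clustering described above concrete, here is an added example (not the repository's own tooling) of how such a risk scalar can be derived from an indicator graph: indicators are linked by the relation types listed in this dataset (passive DNS, shared certificates, co-hosting, subdomains, open ports), a few nodes are seeded as suspected-malicious, and a decaying score is propagated outward so that hubs shared by several seeds stand out. The CSV layout (columns `source,relation,target`), the decay factor, and every edge below are constructed for illustration; the IP addresses come from the RFC 5737 documentation ranges and the certificate fingerprints are placeholders, so none of it is real infrastructure data.

```python
"""
Added example: build a pivot graph from OSINT indicator relations, seed a few
nodes as suspected-malicious, and propagate a decaying risk scalar along edges
to see which indicators cluster together.

All edges are CONSTRUCTED for illustration. IP addresses are from the RFC 5737
documentation ranges and certificate fingerprints are placeholders.
"""
import csv
import io
from collections import defaultdict, deque

# Constructed sample in an assumed CSV layout (source, relation, target).
# The three domain names appear on the page; everything else is made up.
SAMPLE_CSV = """source,relation,target
plague.fun,passive_dns,192.0.2.10
misogyny.wtf,passive_dns,192.0.2.10
zerotwo-best-waifu.online,passive_dns,198.51.100.7
plague.fun,ssl_cert,sha256:PLACEHOLDER_CERT_A
misogyny.wtf,ssl_cert,sha256:PLACEHOLDER_CERT_A
192.0.2.10,co_hosted,example-cohost.invalid
198.51.100.7,open_port,198.51.100.7:3389
zerotwo-best-waifu.online,subdomain,cdn.zerotwo-best-waifu.online
cdn.zerotwo-best-waifu.online,passive_dns,192.0.2.10
unrelated.invalid,passive_dns,203.0.113.5
"""


def load_edges(text):
    """Parse CSV rows into an undirected adjacency map (node -> set of nodes)."""
    graph = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        src, dst = row["source"].strip(), row["target"].strip()
        if not src or not dst:
            continue
        graph[src].add(dst)
        graph[dst].add(src)
    return graph


def propagate_risk(graph, seeds, decay=0.5, max_hops=3):
    """Seed nodes get risk 1.0; a node h hops from a seed gets decay**h.

    Each seed is expanded with its own BFS, and a node keeps the maximum score
    any seed assigns it. Nodes farther than max_hops from every seed stay 0.0,
    which is what keeps unrelated infrastructure from being dragged in.
    """
    risk = {node: 0.0 for node in graph}
    for seed in seeds:
        if seed not in graph:
            continue
        risk[seed] = 1.0
        queue = deque([(seed, 0)])
        seen = {seed}
        while queue:
            node, hops = queue.popleft()
            if hops == max_hops:
                continue
            for nbr in graph[node]:
                if nbr in seen:
                    continue
                seen.add(nbr)
                risk[nbr] = max(risk[nbr], decay ** (hops + 1))
                queue.append((nbr, hops + 1))
    return risk


def hubs(graph, risk, min_risk=0.25):
    """Rank nodes above the risk threshold by degree: (node, degree, risk)."""
    return sorted(
        ((n, len(graph[n]), risk[n]) for n in graph if risk[n] >= min_risk),
        key=lambda t: (-t[1], -t[2], t[0]),
    )


if __name__ == "__main__":
    g = load_edges(SAMPLE_CSV)
    scores = propagate_risk(g, ["plague.fun", "zerotwo-best-waifu.online"])
    for node, degree, score in hubs(g, scores):
        print(f"{score:.3f}  deg={degree}  {node}")
```

With only `plague.fun` seeded, the shared IP `192.0.2.10` comes out as the top hub (degree 4) and pulls `misogyny.wtf` and the `cdn.` subdomain into the cluster, while `unrelated.invalid` stays at 0.0; seeding `zerotwo-best-waifu.online` as well raises the scores of its own infrastructure without touching the unrelated host. Note that a high score here only means "well connected to a seed", which is exactly the kind of correlation the raw data expresses and not evidence of who operates a host.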
We are making the data available in its entirety.
This repository contains over 3,000 open-source data points tied to individuals suspected of involvement in the recent W4SP attacks.
Including:
- domains
- IP addresses
- open ports
- email addresses
- public keys
- SSL/TLS certificates
- server software
- web technologies
- social media profiles
- passive DNS
- HTTP headers
- co-hosted sites
- subdomains
- linked content
- spidered addresses
- raw RIR data
- exposed databases
- exposed remote desktops
- and more
We invite you to fork this repo and add to the list. We have only scratched the surface.
The data is provided in multiple formats: HTML, PDF, TXT (raw), GEXF (for graph tools such as Gephi), CSV, JSON, and XLSX.
This is a raw intelligence report. It may contain errors or omissions, and its accuracy has not been independently verified. Treat every entry as an unverified indicator: corroborate it before acting on it, and do not read co-hosting, a shared certificate, or passive DNS overlap as proof that a host or person is involved. Please exercise prudence in your use of this information.