Mallory

mini Shai-Hulud

Also known as: mini Shai-Hulud

Mini Shai-Hulud is a software supply-chain threat actor/campaign lineage linked in the provided reporting to TeamPCP and also referred to alongside the Miasma lineage. The activity targets open-source software developers, package maintainers, CI/CD environments, and downstream users through compromised npm and PyPI packages, malicious updates, and hijacked publishing credentials. Reported targeting includes SAP’s JavaScript and cloud application development ecosystem, Microsoft’s durabletask Python SDK for Azure Durable Functions, and bioinformatics, multi-omics, and computational genomics PyPI packages managed by a single maintainer. Across the cited incidents, Mini Shai-Hulud used package-manager execution hooks including npm preinstall scripts, Python import-time execution, and Python .pth startup hooks to launch malware. The malware downloaded and executed additional payloads, including Bun-based JavaScript payloads and Python zipapps, and stole developer credentials, GitHub and npm tokens, CI/CD secrets, browser-stored credentials, cloud secrets from AWS, Azure, GCP, Kubernetes, and HashiCorp Vault, as well as local credential files, shell histories, and environment variables. Exfiltration was conducted through attacker-controlled infrastructure and through public GitHub repositories created with stolen victim tokens; reported repository descriptions included "A Mini Shai-Hulud has Appeared." and, for the Hades variant, "Hades - The End for the Damned." The reporting describes self-propagation via GitHub Actions workflow injection, npm publishing workflow abuse, VS Code folder-open tasks, and Claude Code SessionStart hooks, making it notable as an early supply-chain campaign using AI coding-agent configuration for persistence and propagation. 
Additional reported behaviors include encrypted exfiltration using AES-256-GCM with an embedded RSA-4096 public key, persistence via systemd user services and LaunchAgents, lateral movement through AWS SSM and Kubernetes kubectl exec, and evasion checks including exiting on Russian-locale systems. One report links the infrastructure and tradecraft to TeamPCP through the secondary C2 domain t.m-kosche[.]com, overlapping indicators, Russian folklore-themed naming, and a shared RSA public key. A newly identified PyPI variant is named Hades.
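The profile above lists the execution and persistence hooks this campaign is reported to use: npm preinstall scripts, Python .pth startup files, VS Code folder-open tasks, and Claude Code SessionStart hooks. The following triage script is an added example written for this page; it is not Mallory's code and is not derived from any reported sample. It walks a checkout or home directory and reports every such hook for review. The file locations and JSON shapes it checks (package.json "scripts", site-packages *.pth "import" lines, .vscode/tasks.json with runOptions.runOn == "folderOpen", .claude/settings.json hooks.SessionStart) are assumptions of the example, and the demo tree it builds uses harmless placeholder commands.

```python
"""Hunt for the execution and persistence hooks attributed to Mini Shai-Hulud
in a source checkout or developer home directory.

Added example for this profile; not Mallory's code and not taken from any
reported sample. File locations and JSON shapes are assumptions:
  - package.json "scripts" lifecycle keys (npm runs them on `npm install`)
  - site-packages *.pth lines beginning with "import" (site.py executes them
    at interpreter start-up)
  - .vscode/tasks.json tasks with runOptions.runOn == "folderOpen"
  - .claude/settings.json "hooks" -> "SessionStart" entries
"""
import json
import tempfile
from pathlib import Path

NPM_LIFECYCLE = ("preinstall", "install", "postinstall")


def _load_json(path: Path):
    """Return the parsed JSON object, or None if the file is not a JSON object.
    tasks.json is often JSONC (comments), which json rejects; callers report
    such files for manual review instead of silently skipping them."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (ValueError, OSError):
        return None
    return data if isinstance(data, dict) else None


def scan_package_json(path: Path) -> list[str]:
    """Flag npm lifecycle scripts that run with no user interaction on install."""
    data = _load_json(path)
    if data is None:
        return [f"{path}: unparsable JSON, review manually"]
    scripts = data.get("scripts") or {}
    return [f"{path}: npm {key} script -> {scripts[key]!r}"
            for key in NPM_LIFECYCLE if key in scripts]


def scan_pth(path: Path) -> list[str]:
    """Return every executable .pth line. Legitimate ones exist (setuptools
    ships one), so each hit needs a human look rather than an automatic block."""
    hits = []
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        if line.startswith("import "):
            hits.append(f"{path}: executable .pth line -> {line[:80]!r}")
    return hits


def scan_vscode_tasks(path: Path) -> list[str]:
    """Flag tasks VS Code would run automatically when the folder is opened."""
    data = _load_json(path)
    if data is None:
        return [f"{path}: unparsable JSON (JSONC?), review manually"]
    return [f"{path}: folder-open task -> {task.get('command')!r}"
            for task in data.get("tasks") or []
            if (task.get("runOptions") or {}).get("runOn") == "folderOpen"]


def scan_claude_settings(path: Path) -> list[str]:
    """Flag Claude Code SessionStart hooks (assumed settings.json layout)."""
    data = _load_json(path)
    if data is None:
        return [f"{path}: unparsable JSON, review manually"]
    hooks = (data.get("hooks") or {}).get("SessionStart") or []
    return [f"{path}: Claude Code SessionStart hook -> {entry!r}" for entry in hooks]


def scan_tree(root: Path) -> list[str]:
    """Walk a directory and dispatch each candidate file to its checker."""
    findings: list[str] = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if p.name == "package.json":
            findings += scan_package_json(p)
        elif p.suffix == ".pth":
            findings += scan_pth(p)
        elif p.name == "tasks.json" and p.parent.name == ".vscode":
            findings += scan_vscode_tasks(p)
        elif p.name == "settings.json" and p.parent.name == ".claude":
            findings += scan_claude_settings(p)
    return findings


def build_demo_tree(root: Path) -> None:
    """Constructed sample checkout: a benign and a hook-bearing instance of each
    location. Commands are harmless placeholders, not reported payloads."""
    (root / "package.json").write_text(json.dumps(
        {"name": "demo", "scripts": {"preinstall": "node ./hook.js", "test": "jest"}}))
    (root / "lib").mkdir()
    (root / "lib" / "package.json").write_text(json.dumps(
        {"name": "clean", "scripts": {"test": "jest"}}))
    site = root / "venv" / "lib" / "python3.12" / "site-packages"
    site.mkdir(parents=True)
    (site / "demo-hook.pth").write_text("/opt/demo\nimport demo_hook\n")
    (root / ".vscode").mkdir()
    (root / ".vscode" / "tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [
        {"label": "build", "type": "shell", "command": "make"},
        {"label": "auto", "type": "shell", "command": "echo opened",
         "runOptions": {"runOn": "folderOpen"}}]}))
    (root / ".claude").mkdir()
    (root / ".claude" / "settings.json").write_text(json.dumps({"hooks": {"SessionStart": [
        {"hooks": [{"type": "command", "command": "echo session"}]}]}}))


def demo() -> list[str]:
    """Build the constructed tree in a temp dir and return the findings (4 hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against a real checkout with `scan_tree(Path("/path/to/repo"))`. Every hit is a review item, not a verdict: .pth import lines and folder-open tasks have legitimate uses, so compare each against what the project or your tooling is expected to ship, and treat an install-time script that fetches and runs a second-stage file as the pattern the reporting describes.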


OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • Academia & Research
  • Software & Services

MITRE ATT&CK

Tradecraft

32 distinct techniques observed across reporting, grouped by tactic. 12 of 15 tactics; 48 technique listings (×N = number of intelligence reports citing this technique).

TA0001 Initial Access (3 techniques)
  • T1078 Valid Accounts (×6)
  • T1091 Replication Through Removable Media
  • T1195 Supply Chain Compromise (×13)
  • T1195.001 Compromise Software Dependencies and Development Tools (×4)
  • T1195.002 Compromise Software Supply Chain

TA0002 Execution (3 techniques)
  • T1053 Scheduled Task/Job (×2)
  • T1059 Command and Scripting Interpreter (×2)
  • T1059.007 JavaScript (×6)
  • T1574 Hijack Execution Flow
  • T1574.001 DLL (×2)
  • T1574.013 KernelCallbackTable

TA0003 Persistence (5 techniques)
  • T1053 Scheduled Task/Job (×2)
  • T1078 Valid Accounts (×6)
  • T1543 Create or Modify System Process (×2)
  • T1546 Event Triggered Execution (×5)
  • T1556 Modify Authentication Process

TA0004 Privilege Escalation (4 techniques)
  • T1053 Scheduled Task/Job (×2)
  • T1078 Valid Accounts (×6)
  • T1543 Create or Modify System Process (×2)
  • T1546 Event Triggered Execution (×5)

TA0005 Stealth (5 techniques)
  • T1027 Obfuscated Files or Information (×5)
  • T1036 Masquerading
  • T1078 Valid Accounts (×6)
  • T1497 Virtualization/Sandbox Evasion
  • T1497.001 System Checks
  • T1574 Hijack Execution Flow
  • T1574.001 DLL (×2)
  • T1574.013 KernelCallbackTable

TA0112 Defense Impairment (1 technique)
  • T1556 Modify Authentication Process

TA0006 Credential Access (6 techniques)
  • T1212 Exploitation for Credential Access
  • T1528 Steal Application Access Token (×3)
  • T1552 Unsecured Credentials (×3)
  • T1552.001 Credentials In Files
  • T1552.005 Cloud Instance Metadata API (×3)
  • T1555 Credentials from Password Stores (×6)
  • T1555.003 Credentials from Web Browsers (×2)
  • T1556 Modify Authentication Process
  • T1649 Steal or Forge Authentication Certificates (×7)

TA0007 Discovery (4 techniques)
  • T1497 Virtualization/Sandbox Evasion
  • T1497.001 System Checks
  • T1518 Software Discovery
  • T1526 Cloud Service Discovery (×2)
  • T1613 Container and Resource Discovery (×3)

TA0008 Lateral Movement (1 technique)
  • T1091 Replication Through Removable Media

TA0011 Command and Control (1 technique)
  • T1105 Ingress Tool Transfer (×3)

TA0010 Exfiltration (2 techniques)
  • T1041 Exfiltration Over C2 Channel (×4)
  • T1567 Exfiltration Over Web Service (×6)

TA0040 Impact (1 technique)
  • T1486 Data Encrypted for Impact

IOCS

Observables

1 indicator attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. IOC values are gated in the source.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news.
