[
  {
    "type": "IP_ADDRESS",
    "value": "136.243.203.109",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "136.243.203.111",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "138.199.246.13",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "116.203.243.208",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "DOMAIN",
    "value": "pool.supportxmr.com",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "097a87cfa4a5186aba3bba096866692951bde59c6f0c2e8c1c4a599246d14da8",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "201594c9d173bba6cb509407ecba378c19b93da0a81a2182a913c480e6dbb54e",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "20bf39e1e67152039e70a01ad9e7b23c08d23d2a724ef9c44903f3d4353a2275",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "35dde1b2482b12582820a861e7c46f10721af6b75052fc872c05d2230a4e8ca1",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "43920ef7d2742d140a1ab2a1ef172c716903474c73561377dc4f1534d2c5f581",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "47d6d1a38534ba897a5a1e293e3d5df303bbd8e0526e756ad08887ffc1417bef",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "68ced9d7c1b1ff8ffb5f56c7d3f849d4fd16a1b95324426811424b40043d6d25",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6b7ff061eebeb9ead8812c410247768a7ba90786aeeb1bafa6412cc5b08237b5",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "739cdedb20de39aeb1f15dc8c2dbbf15fa993250fd879bf87443ff9aeaf4997b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "74df77b6a83d89fa137fd285a2efde36b1d62c00b3be81cc93df7d1e6e94837b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "8b40cc7d173efd27fb60f3d260acef28f58d67d1f39597e1d611db311a305f62",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9656d3301f63ef6114289739a1c44082206298f787238fc6c190ad87eab24751",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9b3df1b6c1b98c201de09a7719066f7bcae6b66a3173b703a617f53fddf67d51",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a17a972a05afe387ed32aa2986d5be8bca2f22619d0aedfa834c6963abfab3bf",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a4f979b4a5d7bc8bc455dd4c09b44e51a389576fccce35a2c8da3ce680237565",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a64843ebfbc39e96ec7613003b1b5c3a9b878874ea15a05e1d34ce91781ebfb6",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "aaa2bc1128d8b8b2da76262bf87ede19bac053cca6576efba6aaa71c9438c304",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b830f043076a12748b6a2dc0810ece85439ee77434d991ae7d84201b09ead756",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bb30cc2b302d9a6963109b201b78d4163bb6c2d7bc8bf5a66e9a744b62fc2717",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c328b78c21060e2203ac517833fce41572b91878e187f85fa434cd6914659834",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c7a4a547eb7f6b0b4b75bb6dd8955244bb2618ba234ae740cdedd7c2d30e3465",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d384c403c084967d8c967501ee6332b050af04ef424f13a3f5a88d155389d98c",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d6446f2803444bd2200d48a01a9ad7d487e67e8e831c9cd13f89cbfec17fd4e2",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d7c9c9469c513c05aa431fae34f414f91fcf3f794d3e76b6e4d0b92c4cd3ff2e",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d8c1f96107a3349e62b3ab9afc60f62af9c89b6961b637a26b71e1230f2b3b8a",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f0dcb7e407de85d8de8e2221df8dddecac8aec88af8975c9f07e14100f6edb88",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0a6a67a2fc4d79ec1cd8afc5b8b7a5e69a406e53d57a7334e097c5d0644de5f6",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "488d941b7b4428b0f4a0e5495e3857b9b96215fb3e7f164b06640d59096425e6",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "5d7324d8b5a25f862ef8223c6766d0e80af3ad168e17312b265e13a3a68e0ded",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7720e83c02a027d70ae201c393c1956aa2fa8199879a3a4c4fd1d20b03022cfd",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7e49da0ae2f81e14841f356b4d69f0480c2d9ce3fab5a3fa91b0036d9a36fa0f",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b8b5f6991a3a61083461d5269245bebf28b90934c328848ba8c1e084a5a6216c",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b927d265fa29e471c1ae0d31516e480c09c0fb17f480ad08ea8d5b73e84b7a1b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b9b6893fa6b04ee8daa29e515c08239ac5204af1a1fa2bc10006eede1b41329b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c7c37a973b14edd5b6b2da4a1497c593e43640735ff54aecc9a3288fa5e548e3",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d2148a458da46e81702136aa915312d360805f083d1f37ff5531db9fbdb8ad6d",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d7b56818c829960b692de9ad5a14e52669d953e9f074f7218c3fe34ede4a11a0",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "db2a872f712fbdb1e347d06e29a9ed8278d86710ffc14ff04422be76e47124f4",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e9e5e748ec5c0b811c8e60b0e55059edb4d2df86ff3ca45969e57d5fecb11a38",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "03e6f4f49cec3af38bbec9ed64c195c7a85a630ec989efb3669f04a2993c1dd7",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "914c18a04a2727bba9cecab78a1d516ec3c7a3f667e0e5a6081aa0e9206a69fe",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d78082dc33c6dca98316e865efa9829c6eb5a97c2ca3cd4ea6c2123a5f6ae45b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "15489bcd6e4602b41c9a787ec8d7ab027d5e45d400938048bb1c702ad5937980",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "169a330353e53a409e0109c914404354741ff1e1c64e501738dc05e58ea92abc",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2a02ec4af5ed591afdf1236a443e3b68642ee133f38a2857d1eada51246ab498",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9b2e65db653ca8575c9b10eefb9a80c6006404812c2ec212bf5675e3c690233b",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d425e4583cc6185d41e95c45eda00550045a5d1919b9a012236a4520d009dbd7",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bfaeb987faa6de2b5a5eb63b1233d055215b09b0349a9394f2175fd7cdf385e4",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "34014776d3d3ff11bc4439b02fd7ac0f02a887eb3a052eeafff236e2f6db8ad1",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "082d733db0687dcd768104972b065d4b58cb1e6043688c6c20fa3702337f36ab",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9e214f38537e69bf51c7fa1ddd35ae495e9cb897231ec010baf9e4f29407ee9a",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f873941d1907a97dc6c718fdecf59fd7d91f3f8212da2f7e5314b878b88bdc0b",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "550af477c12192a22f5c9edb9c8081c0a789b3a1a2992a7ecb157cca1c975e10",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "24b9ee242f21a73b55f7bb3297eafb33c60840907386b542ed79fc6b72365168",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9f1a709310824f9110c6203d861a721ebefba8b204a8657057fe57efb961c850",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "22bf76fe317ea6769bd38619bd440e42d119bd6b",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "a7e18d96efd3cdb127ef4cdcad9e3ad26c482bf2",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "9890950adcbc2478e7a080234f053214adbad44e",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "c70e105e212ff3c1daa04bb2a62507717f296b0b",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "c8cb3f6d5b90c46686d2bf531dc1a5786e27edc5",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "IP_ADDRESS",
    "value": "85.137.53.71",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "URL",
    "value": "http://85.137.53.71:8080/api/v1/beacon",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "URL",
    "value": "http://85.137.53.71:8080/api/v1/file-result",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "FILE_NAME",
    "value": "miasma-monitor.service",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "FILE_NAME",
    "value": "SIMULATION_WIPE_TRIGGERED.txt",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "1ab58838e5790efb22f2d35ab98c0b7d",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "a7d7d6c4c3f227f7117261c63b9e23a9",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "3d3a621f852c42d97fd7260681e42508",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "3432dd9ac0df80ef86eb80bd080f839b",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "22aaeb4946ba6d2f2e27feb7dbb295de",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "f61fbfb7aa1cd5dc8f70b055b51563e2",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "f169d6d172dfb775895a5e2b1540c854",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "IP_ADDRESS",
    "value": "176.123.4.44",
    "published": "2026-07-08T18:54:56+03:00",
    "briefs": "Storm-2949: Compromised Identity to Cloud-Wide Azure Breach"
  },
  {
    "type": "IP_ADDRESS",
    "value": "91.208.197.87",
    "published": "2026-07-08T18:54:56+03:00",
    "briefs": "Storm-2949: Compromised Identity to Cloud-Wide Azure Breach"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.241.208.243",
    "published": "2026-07-08T18:54:56+03:00",
    "briefs": "Storm-2949: Compromised Identity to Cloud-Wide Azure Breach"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2abe5dd3a057fdef935722e50e9251c272d29fd26113187b853a1f9a9cb89d9b",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "79f7b67ce8b39070f3e1c2b90fce0ce84134782a7dedcccc1edac197ee9e089b",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3b7ae925e2d64522b4f69b56285b05aeca8c5aab5ab46a9c02c4fafb69d881ce",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "cd4e5e2c65b1660470d3446539ee68adf5faeece3eaeb46583623be9911ee145",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2ada24dd6e517f37942b749c2bd57ddd97445e9853002cee70a0bc30d0b0ce3a",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "IP_ADDRESS",
    "value": "77.110.122.58",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "IP_ADDRESS",
    "value": "213.165.41.26",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "cl.distritovagas.com",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "sonra.eutialyson.com",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "anus-staylard.xyz",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "pestrear-lamp.xyz",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "resumeacceptable.com",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "URL",
    "value": "https://cl.distritovagas.com/hte.hta",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "URL",
    "value": "https://sonra.eutialyson.com/inst24.msi",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "inst24.msi",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "cons_1.0.1.msi",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "hyper-v.ver",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "ek_kill_av.ps1",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "ek_disable_av.ps1",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "cgky6bn6ux5wvlybtmm3z255igt52ljml2ngnc5qp3cnw5jlglamisad.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "gfoqsewps57xcyxoedle2gd53o6jne6y5nq5eh25muksqwzutzq7b3ad.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "he5vnov645txpcv57el2theky2elesn24ebvgwfoewlpftksxp4fnxad.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "lyhizqy2js2eh6ufngkbzntouiikdek5zsdj3qwa22b4z6knpqorgiad.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "j3bv7g27oramhbxxuv6gl3dcyfmf44qnvju3offdyrap7hurfprq74qd.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "shinypogk4jjniry5qi7247tznop6mxdrdte2k6pdu5cyo43vdzmrwid.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "7goms4byw26kkbaanz5a5u5234gusot7rp5imzc3ozh66wwcvmcudjid.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "wt26llpl5k6gok3vnaxmucwgzv2wk3l7nuibbh25clghrtus3p5ctsid.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7630debd35cac6b7d58c4427695579b3e3a8b1cc462f523234cd6c698882a68c",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a7abf1d9d6686af1cefcd60b17a312e7eb8cfe267def1ec34aeab6128c811630",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "23c1e673f315dafa14b73034a90dd3d393a984451ff6601b8be8142be6487b43",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "cf9fc891ea5ca5ecd8113ef3e69f6f52ff538b6cccbdaa9559106fc72bc6da30",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "100407796028bf3649752d9d2a67a0e4394d752eb8de86daa42920e814f3fae8",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d14b80cbd1a19d4ad0473a0661297f8fdf598e81ff6c4ab24e212dcad2e54b3f",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9d90f54ae36c6c5435d5b8bed40faf54cc91f6db28574a6310b5ffaeb0362e96",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "67fc5cf395e28294bbb91ed0e954fdf2e80ebd9119022a115a42c286dc8bacf5",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0020d23b0f9c5e6851a7f737af73fd143175ee47054931166369edd93338538a",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "35a6bc44b176a050fd6824904b7604f0f45b0fdfa26bf9500b9e05973b387cfd",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c824630154ac4fdfce94ded01f037c305eab51e9bef3f493c60ff3184a640502",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d43bf94f0cb0ab97c88113b7e07d1a4024d1610617b5ad05882b1dbab89e15ba",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b2777b73a4c33ac6a409d475057843be6b5d32262ef28a1f1ff5bb52e3834c5f",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7787a9a7d8ae393aa32f257d083903c4dc9b97a1e5b0458c4cd480d4f3cb5b05",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f3b54984caca95fd496bcfe5d7db1611b08d2f5b7d250b43b430e5d76393f9e0",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "20db98af3037b197c8a846dbf17b87fc6f049c3e0d9a188f9b9a74d3916dd5e1",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "56b08aa03bd8c0ea094cfeb03d5954ffd857bac42df929dc835eea62f32b09e0",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "baa980ae253101066ae7e551a354116454e8697ff2154a907c9885770cdae4ae",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "EMAIL",
    "value": "key.medusa.serviceteam@protonmail.com",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "EMAIL",
    "value": "medusasupport@cock.li",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "gaze.exe",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "smuol.sys",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "openrdp.bat",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "powerfun.ps1",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "!!!READ_ME_MEDUSA!!!.txt",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "aaf5569c8e349c15028bc3fac09eb982efb06eabac955b705a6d447263658e38",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "013211c56caaa697914b5b5871e4998d0298902e336e373ebb27b7db30917eaf",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "57bd98dbb5a00e54f07ffacda1fea91451a0c0b532cd7d570e98ce2ff741c21d",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b3b6a992540da96375e4781afd3052118ad97cfe60ccf004d732f76678f6820a",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "22c15a32b69116a46eb5d0f2b228cc37cd1b5915a91ec8f38df79d3eed1da26b",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f7cda90174b806a34381d5043e89b23ba826abcc89f7abd520060a64475ed506",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "39b3d8a8aedffc1b40820f205f6a4dc041cd37262880e5030b008175c45b0c46",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "73fe8b8fb4bd7776362fd356fdc189c93cf5d9f6724f6237d829024c10263fe5",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "77b49c854afd6746fee393711b48979376fb910b34105c0e18a3fdc24ea31d5c",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6a67a9769a55ec889a5dd4199b2fc08965d39d737838836853bc13c81c56a800",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ed907d39efd5750236b075ca9fbb1f090d7bf578578c38faab24210d298a60ae",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "IP_ADDRESS",
    "value": "149.248.11.71",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "FILE_NAME",
    "value": "vsm-boot-monitordvcenter",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "FILE_NAME",
    "value": "vsm-monitordvcenter",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "8af1c3f39b60072d4b68c77001d58109",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "c65d7f8accb57a95e3ea8a07fac9550f",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "DOMAIN",
    "value": "ms-azure.azdatastore.workers.dev",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b122a9873bedf145ae2a7fd024b5f309007dbb025149f4dc4ac3f7e4f32a36a4",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "221c45a790dec2a296af57969e1165a16f8f49733aeab64c0bbd768d9943badf",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ae70dd4f6bc0d1c8c2848e4e6b51934626c4818dcb5af99d080ddbd7dc337185",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4a8860240e4231c3a74c81949be655a28e096a7d72f38fbe84e5b37636b98417",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b73de25c053c3225a077738a1fcbd9ca6966d7b3cd6f5494a30f0aa0eae55c7e",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "50eae63d3e24be9ca8803f4b5a0408aef97ee3fab7af018d8c2dde7c359edd65",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "1d1bf5e8c1539d2f05b1429235b8f4990f87036774be95157b315a7803dd5526",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "FILE_NAME",
    "value": ".pkg_history",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "FILE_NAME",
    "value": ".pkg_logs",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "FILE_NAME",
    "value": "system.bat",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "FILE_NAME",
    "value": "protocal.cjs",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "IP_ADDRESS",
    "value": "23.254.164.92",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "IP_ADDRESS",
    "value": "23.254.164.123",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "DOMAIN",
    "value": "teams.onweblive.org",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "DOMAIN",
    "value": "maskasd.com",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "URL",
    "value": "https://23.254.164.92:8000/update/49890878",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "URL",
    "value": "https://teams.onweblive.org/api/update/8555575039/4",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "URL",
    "value": "https://maskasd.com/8555575039",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "EMAIL",
    "value": "sergey2016@tutamail.com",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "EMAIL",
    "value": "ehindero2016@tutamail.com",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.186",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.187",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.188",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.189",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.190",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "DOMAIN",
    "value": "azurenetfiles.net",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "URL",
    "value": "wss://azurenetfiles.net:443/agent.ashx",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c7e9332731b06644fc73e0046a2a89eaa59b09f54250e9bd622467187351711f",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f02a924c9ff92a8780ce812511341182c6b509d45bc59f3f7b522e37225d24fc",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d83fdb9e53c5ff03c4cb0451ea1bebd79b53f29eadc1e2fa394c7af13a86ce2f",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "68257a6f9ff196179ec03624e849927f26599eb180a7c82e14ef5bc4e93bc309",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2ab684d93c1553fad87041b4dea97188a97e78589deee2a7bacff905564f3a35",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "FILE_NAME",
    "value": "meshagent32-azure-ops.exe",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "FILE_NAME",
    "value": "meshagent64-azure-ops.exe",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "FILE_NAME",
    "value": "README-IF-YOU-SEE-THIS-YOUVE-BEEN-HACKED.TXT",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0023baf38263857e32b8cdbeb25ac2e95ae25ccf082d193f187ef8fc192f930b",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "1250ba6f25fd60077f698a2617c15f89d58c1867339bfd9ee8ab19ce9943304b",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "312ca1a8e35dcf5b80b1526948bd1081fed2293b31d061635e9f048f3fe5eb83",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "372e753992d2a95895f88d132af89d13e2dd3742403a25471b070106b6c5a183",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3a6ea4790be64a6ef48782cafc951a75d4b16508ace61eeab10358fb687ce0fb",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "527f71e2ac55ee18f4376f213a242a20aa63f7ab501a23888b7d41ea8661802b",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "5c54bd1aa2abf024f53490b7d93101496b5842a5a81a51955fe7f1d5e4281409",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "61fa5321c70325a6986c965144198f3cf25b32dd321c9517120357ea2fa147a7",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6d8d24b3db2d53ca3968d39cfa575cdca5d0fcb294c54abafb7f3ba82c71db4c",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "88169b1d4778ed6c5fda97375efb5b9171ea52649c8715bb449801c39bce4ad4",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "de26ea9b30858a588447c8f65f27d53e88da6dfbbe0a635dc723d1fd896ae628",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4194a2c45d940078a178de9288e3ef87d267c26964f1fd975afcee0c447beed3",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4d0650b3fe7a87c894c5478d32d2d48bd70a0134f1787c4a1e68c28436841798",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "55befb5de5d9bc45978efd1a960ae21ed81e4be9c6521aaeebf8d5884444e3c9",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "572d88c419c6ae75aeb784ceab327d040cb589903d6285bbffa77338111af14b",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "df903c620508011ca8eb2aaaf9712a526b31a12c800b856cd524ebb3fde854b2",
    "published": "2026-06-11T14:42:36+03:00",
    "briefs": "DragonForce Ransomware Cartel: Multi-Sector Targeting with Dual-Platform Encryption"
  },
  {
    "type": "IP_ADDRESS",
    "value": "200.107.207.26",
    "published": "2026-06-10T16:33:51+03:00",
    "briefs": "CL0P Ransomware Group Targets Multiple Industries Globally Through Wide-Spread 0-Day Campaigns"
  },
  {
    "type": "IP_ADDRESS",
    "value": "161.97.99.49",
    "published": "2026-06-10T16:33:51+03:00",
    "briefs": "CL0P Ransomware Group Targets Multiple Industries Globally Through Wide-Spread 0-Day Campaigns"
  },
  {
    "type": "IP_ADDRESS",
    "value": "162.55.17.215",
    "published": "2026-06-10T16:33:51+03:00",
    "briefs": "CL0P Ransomware Group Targets Multiple Industries Globally Through Wide-Spread 0-Day Campaigns"
  },
  {
    "type": "IP_ADDRESS",
    "value": "104.194.11.200",
    "published": "2026-06-10T16:33:51+03:00",
    "briefs": "CL0P Ransomware Group Targets Multiple Industries Globally Through Wide-Spread 0-Day Campaigns"
  },
  {
    "type": "EMAIL",
    "value": "support@pubstorm.com",
    "published": "2026-06-10T16:33:51+03:00",
    "briefs": "CL0P Ransomware Group Targets Multiple Industries Globally Through Wide-Spread 0-Day Campaigns"
  },
  {
    "type": "EMAIL",
    "value": "support@pubstorm.net",
    "published": "2026-06-10T16:33:51+03:00",
    "briefs": "CL0P Ransomware Group Targets Multiple Industries Globally Through Wide-Spread 0-Day Campaigns"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "5b3089eefab0e043af8894de86022bdc6df2f42f7098dbd530f42c0ec861d5d8",
    "published": "2026-06-04T15:15:28+03:00",
    "briefs": "DonutLoader Delivers Remcos RAT via Multi-Stage LOLBin Phishing Chain"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "14a0d7978872a2739ac31ef42539e8c708af6afccc5eb74f22fe2b676bfa2df7",
    "published": "2026-06-04T15:15:28+03:00",
    "briefs": "DonutLoader Delivers Remcos RAT via Multi-Stage LOLBin Phishing Chain"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b9da295c34accf3632c2c4b6d9e3c74791b4514d27814f79e9bcb77ce168a347",
    "published": "2026-06-04T15:15:28+03:00",
    "briefs": "DonutLoader Delivers Remcos RAT via Multi-Stage LOLBin Phishing Chain"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "48bd36c3b8d6a3bf5db4e7b0bbc1692e8cb900475dc7ae16e9f1fa7ba97c8adf",
    "published": "2026-06-04T15:15:28+03:00",
    "briefs": "DonutLoader Delivers Remcos RAT via Multi-Stage LOLBin Phishing Chain"
  },
  {
    "type": "FILE_NAME",
    "value": "Bestellung.CMD",
    "published": "2026-06-04T15:15:28+03:00",
    "briefs": "DonutLoader Delivers Remcos RAT via Multi-Stage LOLBin Phishing Chain"
  },
  {
    "type": "FILE_NAME",
    "value": "iphdcrtj.js",
    "published": "2026-06-04T15:15:28+03:00",
    "briefs": "DonutLoader Delivers Remcos RAT via Multi-Stage LOLBin Phishing Chain"
  },
  {
    "type": "FILE_NAME",
    "value": "iphdcrtj.zip",
    "published": "2026-06-04T15:15:28+03:00",
    "briefs": "DonutLoader Delivers Remcos RAT via Multi-Stage LOLBin Phishing Chain"
  },
  {
    "type": "FILE_NAME",
    "value": "USCSHBRBWUYUCQNUIBPWLVUFKIAGWBOOAKDDXWTGRUVHWXIHQQRQXJASLKLALICCV.png",
    "published": "2026-06-04T15:15:28+03:00",
    "briefs": "DonutLoader Delivers Remcos RAT via Multi-Stage LOLBin Phishing Chain"
  },
  {
    "type": "IP_ADDRESS",
    "value": "193.233.202.17",
    "published": "2026-06-03T14:57:46+03:00",
    "briefs": "The Gentlemen Ransomware: Defense Evasion TTPs"
  },
  {
    "type": "IP_ADDRESS",
    "value": "77.110.122.137",
    "published": "2026-06-03T14:57:46+03:00",
    "briefs": "The Gentlemen Ransomware: Defense Evasion TTPs"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f918535f974591ef031bd0f30a8171e3da27a6754e6426a8ba095f83195661c8",
    "published": "2026-06-03T14:57:46+03:00",
    "briefs": "The Gentlemen Ransomware: Defense Evasion TTPs"
  },
  {
    "type": "FILE_NAME",
    "value": "G_hlm7jj_windows_amd64.exe",
    "published": "2026-06-03T14:57:46+03:00",
    "briefs": "The Gentlemen Ransomware: Defense Evasion TTPs"
  },
  {
    "type": "FILE_NAME",
    "value": "win.exe",
    "published": "2026-06-03T14:57:46+03:00",
    "briefs": "The Gentlemen Ransomware: Defense Evasion TTPs"
  },
  {
    "type": "FILE_NAME",
    "value": "svchost32.exe",
    "published": "2026-06-03T14:57:46+03:00",
    "briefs": "The Gentlemen Ransomware: Defense Evasion TTPs"
  },
  {
    "type": "FILE_NAME",
    "value": "README-GENTLEMEN.txt",
    "published": "2026-06-03T14:57:46+03:00",
    "briefs": "The Gentlemen Ransomware: Defense Evasion TTPs"
  },
  {
    "type": "IP_ADDRESS",
    "value": "104.207.144.154",
    "published": "2026-05-31T17:57:59+03:00",
    "briefs": "CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass Exploited in the Wild"
  },
  {
    "type": "IP_ADDRESS",
    "value": "146.19.216.119",
    "published": "2026-05-31T17:57:59+03:00",
    "briefs": "CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass Exploited in the Wild"
  },
  {
    "type": "IP_ADDRESS",
    "value": "146.19.216.120",
    "published": "2026-05-31T17:57:59+03:00",
    "briefs": "CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass Exploited in the Wild"
  },
  {
    "type": "IP_ADDRESS",
    "value": "146.19.216.125",
    "published": "2026-05-31T17:57:59+03:00",
    "briefs": "CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass Exploited in the Wild"
  },
  {
    "type": "IP_ADDRESS",
    "value": "209.38.154.221",
    "published": "2026-05-31T17:57:59+03:00",
    "briefs": "CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass Exploited in the Wild"
  },
  {
    "type": "IP_ADDRESS",
    "value": "79.130.26.202",
    "published": "2026-05-31T17:57:59+03:00",
    "briefs": "CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass Exploited in the Wild"
  },
  {
    "type": "IP_ADDRESS",
    "value": "179.43.177.220",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "IP_ADDRESS",
    "value": "178.128.233.36",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "IP_ADDRESS",
    "value": "37.187.78.41",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "DOMAIN",
    "value": "timetrakr.cloud",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "DOMAIN",
    "value": "svc.wompworthy.com",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d587959841a763669279ad831b8f0379f6a7b037dffc19deab5d41f37f8b5ffc",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "74ab3838ebed7054b2254bf7d334c80c8b2cfec4a97d1706723f8ea55f11061f",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c6182fd01b14d84723e3c9d11bc0e16b34de6607ccb8334fc9bb97c1b44f0cde",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0c9b911935a3705b0ad569446804d80026feb6db3884aeb240b6c76e9b8cf139",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3ee7dab4ae4f6d4f16dfabb6f38faef370411a9fc00ff035844e54703b99600a",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bee79c3302b1a7afc0952842d14eff83a604ef00bfdae525176c16c80b2045f7",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b21c802775df0c0d82c8cfde299084abc624898b10258db641b820172a0ba29a",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "URL",
    "value": "http://179.43.177.220:8080/nm.ps1",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "URL",
    "value": "http://179.43.177.220:8080/a.dat",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "URL",
    "value": "http://179.43.177.220:8080/a.exe",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "URL",
    "value": "https://timetrakr.cloud/sp.ps1",
    "published": "2026-05-28T14:52:16+03:00",
    "briefs": "Seedworm Espionage Campaign Against Electronics Manufacturers: Credential Theft, DLL Sideloading, and Covert Exfiltration"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d2fd0654710c27dcf37b6c1437880020824e161dd0bf28e3a133ed777242a0ca",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "dcfa2800754e5722acf94987bb03e814edcb9acebda37df6da1987bf48e5b05e",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0ee1d284ed663073872012c7bde7fac5ca1121403f1a5d2d5411317df282796c",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ffd9f58e5fe8502249c67cad0123ceeeaa6e9f69b4ec9f9e21511809849eb8fc",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "dfe6fddc67bdc93b9947430b966da2877fda094edf3e21e6f0ba98a84bc53198",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "131da83b521f610819141d5c740313ce46578374abb22ef504a7593955a65f07",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9f393516edf6b8e011df6ee991758480c5b99a0efbfd68347786061f0e04426c",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9585af44c3ff8fd921c713680b0c2b3bbc9d56add848ed62164f7c9b9f23d065",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2f629395fdfa11e713ea8bf11d40f6f240acf2f5fcf9a2ac50b6f7fbc7521c83",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7f731cc11f8e4d249142e99a44b9da7a48505ce32c4ee4881041beeddb3760be",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "95477703e789e6182096a09bc98853e0a70b680a4f19fa2bf86cbb9280e8ec5a",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0c0e0f9b09b80d87ebc88e2870907b6cacb4cd7703584baf8f2be1fd9438696d",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c9c94ac5e1991a7db42c7973e328fceeb6f163d9f644031bdfd4123c7b3898b0",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "aaa6041912a6ba3cf167ecdb90a434a62feaf08639c59705847706b9f492015d",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "18051333e658c4816ff3576a2e9d97fe2a1196ac0ea5ed9ba386c46defafdb88",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "5e1e3bf6999126ae4aa52146280fdb913912632e8bac4f54e98c58821a307d32",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "58359209e215a9fc0dafd14039121398559790dba9aa2398c457348ee1cb8a4d",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "cf3465d7e49b609defa1e2b6cfcc86ffa30c72246cb2744dbf50736c5f3d74d5",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "58afef43cec0ee7a2fbfd9cdd5b71f55f971672d5e523a400b82b98c752ca5b7",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "8e12c8eb39cec9a414b56a36acbcc1a5b31dc96a38bc668138a00f94f7c26ea5",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bfd5fc6cd3dea74738ac7025fa14ea844f400708df2293572796568f65bd6b61",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4dc9f9684f715f50946e85557b82af80fcb45576efad47eee1bf054c15e570f0",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7266e2afb5c70788c018d684698b0940eded4cb863f2b33f4edd31b59d1eab1d",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c0f706ff43936c1bb19db4f39b11129c3fc8ddafbd159852475ef99a246b2f79",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3a25d3f82651567e5760e48ad06c9f6caab4f9fdc071e98919163b3a71e67168",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "cfa209d56e296c40b32815270060e539963d68cda3285c5f393c97eb3c960d37",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "77d48e8c13ce066b197905cc8fc69969af69b74d25f5e95dcd1302ada2e7ccec",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0b5b31af5956158bfbd14f6cbf4f1bca23c5d16a40dbf3758f3289146c565f43",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0d700ca5f6cc093de4abba9410480ee7a8870d5e8fe86c9ce103eec3872f225f",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a2df5477cf924bd41241a3326060cc2f913aff2379858b148ddec455e4da67bc",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "03aa12ac2884251aa24bf0ccd854047de403591a8537e6aba19e822807e06a45",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2e88e55cc8ee364bf90e7a51671366efb3dac3e9468005b044164ba0f1624422",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "40221e1c2e0c09bc6104548ee847b6ec790413d6ece06ad675fff87e5b8dc1d5",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "5ea65e2bb9d245913ad69ce90e3bd9647eb16d992301145372565486c77568a2",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "643061ac0b51f8c77f2ed202dc91afb9879f796ddd974489209d45f84f644562",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6f9d50bab16b2532f4683eeb76bd25449d83bdd6c85bf0b05f716a4b49584f84",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "fef09b0aa37cbdb6a8f60a6bd8b473a7e5bffdc7fd2e952444f781574abccf64",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e1321a4b2b104f31aceaf4b19c5559e40ba35b73a754d3ae13d8e90c53146c0f",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "74f497088b49b745e6377b32ed5d9dfaef3c84c7c0bb50fabf30363ad2e0bfb1",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3d2b58ef6df743ce58669d7387ff94740ceb0122c4fc1c4ffd81af00e72e60a4",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "5961a99181df157b81d35a50eeb27f96577a2fa2",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "d5efaa22a74aab87d17f8666686b554e41fb389a",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "08cf869a19c76ca718ba80ef73636e7bc38218b8",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "ef328f68c6d865ba4ef4223b5d8ee9efb5667420",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "57d1aeb41d9cfea4d6899724bc4b09a5",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "17c624693f5dd575485ec4286b0ba786",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "c56b31c9080b993d57c100b91d096c33",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "2fed7579556f01161bb1fdfd1c3e9e6c",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "24e19d29a47b6b5e1a39bf5e4c313194",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "814310fb7a59f23e3e137ee6fee04fa1",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "FILE_NAME",
    "value": "VeeamHax.exe",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "FILE_NAME",
    "value": "Veeam-Get-Creds.ps1",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "FILE_NAME",
    "value": "qKtul.vbs",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "FILE_NAME",
    "value": "s64.dll",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "FILE_NAME",
    "value": "lck.exe",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "FILE_NAME",
    "value": "Win_locker_0234-BMMNBW-MONC.exe",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "FILE_NAME",
    "value": "level-windows-amd64.exe",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "FILE_NAME",
    "value": "Ladon.exe",
    "published": "2026-05-19T10:14:18+03:00",
    "briefs": "Akira Dual-Platform Ransomware: Active Targeting of Finance, Healthcare, and Critical Infrastructure"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "e7d582b98ca80690883175470e96f703ef6dc497",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2258284d65f63829bd67eaba01ef6f1ada2f593f9bbe41678b2df360bd90d3df",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "12f35b1081b17d21815b35feb57ab03d02482116",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "1e8538c6e0563d50da0f2e097e979ebd5294ce1defe01d0b9fe361ba3bed1898",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "DOMAIN",
    "value": "git-tanstack.com",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "IP_ADDRESS",
    "value": "83.142.209.194",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "URL",
    "value": "https://git-tanstack.com/tmp/transformers.pyz",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "DOMAIN",
    "value": "seed1.getsession.org",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "DOMAIN",
    "value": "seed2.getsession.org",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "DOMAIN",
    "value": "seed3.getsession.org",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "DOMAIN",
    "value": "filev2.getsession.org",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "FILE_NAME",
    "value": "router_init.js",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "FILE_NAME",
    "value": "setup.mjs",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "FILE_NAME",
    "value": "router_runtime.js",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "FILE_NAME",
    "value": "tanstack_runner.js",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "FILE_NAME",
    "value": "gh-token-monitor",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "FILE_NAME",
    "value": "~/Library/LaunchAgents/com.user.gh-token-monitor.plist",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "FILE_NAME",
    "value": "~/.config/systemd/user/gh-token-monitor.service",
    "published": "2026-05-13T10:07:07+03:00",
    "briefs": "TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon"
  },
  {
    "type": "DOMAIN",
    "value": "cleanmymacos.org",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "mac-storage-guide.squarespace.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "claudecodedoc.squarespace.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "macclean.craft.me",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "macos-disk-space.medium.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "apple-mac-fix-hidden.medium.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "domenpozh.net",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "rapidfilevault4.sbs",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "rapidfilevault4.cyou",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "coco-fun2.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "yablochnisok.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "datasphere.us.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "swift-sh.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "URL",
    "value": "https://t.me/ax03bot",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "URL",
    "value": "https://cauterizespray.icu/script.sh",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "URL",
    "value": "https://resilientlimb.icu/script.sh",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "0x666.info",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "honestly.ink",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "pla7ina.cfd",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "play67.cc",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "IP_ADDRESS",
    "value": "95.85.251.177",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "IP_ADDRESS",
    "value": "45.94.47.204",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "famiode.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "rvdownloads.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "wusetail.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "aforvm.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "ouilov.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "malext.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "URL",
    "value": "http://138.124.93.32/contact",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "URL",
    "value": "http://168.100.9.122/contact",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "URL",
    "value": "http://199.217.98.33/contact",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "URL",
    "value": "http://38.244.158.103/contact",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "URL",
    "value": "http://92.246.136.14/contact",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "reachnv.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "vagturk.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "octopox.com",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9d2da07aa6e7db3fbc36b36f0cfd74f78d5815f5ba55d0f0405cdd668bd13767",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7ca42f1f23dbdc9427c9f135815bb74708a7494ea78df1fbc0fc348ba2a161ae",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "241a50befcf5c1aa6dab79664e2ba9cb373cc351cb9de9c3699fd2ecb2afab05",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "522fdfaff44797b9180f36c654f77baf5cdeaab861bbf372ccfc1a5bd920d62e",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "FILE_NAME",
    "value": "/tmp/helper",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "FILE_NAME",
    "value": "/tmp/update",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "FILE_NAME",
    "value": "/tmp/starter",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "FILE_NAME",
    "value": "~/Library/Application Support/Google/GoogleUpdate.app/Contents/MacOS/GoogleUpdate",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "FILE_NAME",
    "value": "~/Library/LaunchAgents/com.google.keystone.agent.plist",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "FILE_NAME",
    "value": "/Library/LaunchDaemons/com.finder.helper.plist",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "FILE_NAME",
    "value": ".mainhelper",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "FILE_NAME",
    "value": ".agent",
    "published": "2026-05-12T11:59:31+03:00",
    "briefs": "ClickFix campaign uses fake macOS utilities lures to deliver infostealers"
  },
  {
    "type": "IP_ADDRESS",
    "value": "67.206.213.86",
    "published": "2026-05-07T19:02:40+03:00",
    "briefs": "CVE-2026-0300: Active Exploitation of PAN-OS User-ID Authentication Portal"
  },
  {
    "type": "IP_ADDRESS",
    "value": "136.0.8.48",
    "published": "2026-05-07T19:02:40+03:00",
    "briefs": "CVE-2026-0300: Active Exploitation of PAN-OS User-ID Authentication Portal"
  },
  {
    "type": "IP_ADDRESS",
    "value": "146.70.100.69",
    "published": "2026-05-07T19:02:40+03:00",
    "briefs": "CVE-2026-0300: Active Exploitation of PAN-OS User-ID Authentication Portal"
  },
  {
    "type": "IP_ADDRESS",
    "value": "149.104.66.84",
    "published": "2026-05-07T19:02:40+03:00",
    "briefs": "CVE-2026-0300: Active Exploitation of PAN-OS User-ID Authentication Portal"
  },
  {
    "type": "URL",
    "value": "http://146.70.100.69:8000/php_sess",
    "published": "2026-05-07T19:02:40+03:00",
    "briefs": "CVE-2026-0300: Active Exploitation of PAN-OS User-ID Authentication Portal"
  },
  {
    "type": "URL",
    "value": "https://github.com/Acebond/ReverseSocks5/releases/download/v2.2.0/ReverseSocks5-v2.2.0-linux-amd64.tar.gz",
    "published": "2026-05-07T19:02:40+03:00",
    "briefs": "CVE-2026-0300: Active Exploitation of PAN-OS User-ID Authentication Portal"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e11f69b49b6f2e829454371c31ebf86893f82a042dae3f2faf63dcd84f97a584",
    "published": "2026-05-07T19:02:40+03:00",
    "briefs": "CVE-2026-0300: Active Exploitation of PAN-OS User-ID Authentication Portal"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9",
    "published": "2026-05-05T17:58:43+03:00",
    "briefs": "Copy Fail: CVE-2026-31431: Linux Kernel LPE via AF_ALG Page Cache Corruption"
  },
  {
    "type": "FILE_NAME",
    "value": "copy_fail_exp.py",
    "published": "2026-05-05T17:58:43+03:00",
    "briefs": "Copy Fail: CVE-2026-31431: Linux Kernel LPE via AF_ALG Page Cache Corruption"
  },
  {
    "type": "FILE_NAME",
    "value": "exploit_cve_2026_31431.py",
    "published": "2026-05-05T17:58:43+03:00",
    "briefs": "Copy Fail: CVE-2026-31431: Linux Kernel LPE via AF_ALG Page Cache Corruption"
  },
  {
    "type": "FILE_NAME",
    "value": "test_cve_2026_31431.py",
    "published": "2026-05-05T17:58:43+03:00",
    "briefs": "Copy Fail: CVE-2026-31431: Linux Kernel LPE via AF_ALG Page Cache Corruption"
  },
  {
    "type": "URL",
    "value": "https://copy.fail/exp",
    "published": "2026-05-05T17:58:43+03:00",
    "briefs": "Copy Fail: CVE-2026-31431: Linux Kernel LPE via AF_ALG Page Cache Corruption"
  },
  {
    "type": "URL",
    "value": "https://github.com/theori-io/copy-fail-CVE-2026-31431",
    "published": "2026-05-05T17:58:43+03:00",
    "briefs": "Copy Fail: CVE-2026-31431: Linux Kernel LPE via AF_ALG Page Cache Corruption"
  },
  {
    "type": "IP_ADDRESS",
    "value": "212.34.138.4",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "IP_ADDRESS",
    "value": "138.124.66.23",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "IP_ADDRESS",
    "value": "194.150.220.218",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "IP_ADDRESS",
    "value": "45.155.69.224",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "IP_ADDRESS",
    "value": "45.155.69.48",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "IP_ADDRESS",
    "value": "193.33.195.32",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "fw96.data-api-cloud-program.in.net",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "bagginess78.cloud-api-system-control.in.net",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "algorithm.in.net",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "frost-tree-nord.base-blockchain-ground-false.in.net",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "woosh-duck.agri-clock-core-sn.in.net",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "carlessclapped.com",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "download2392.mediafire.com",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "download2390.mediafire.com",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "bsc-testnet.drpc.org",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "DOMAIN",
    "value": "data-seed-prebsc-1-s1.bnbchain.org",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "36b7f4fef5e984a5d60352ef7661ba0bf809feebd749ba1d5ab8d90bdf7feda0",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "556fdc9932afc5f176803ae67dbc3b9e54c611f1b720e1140ec540e2d151396a",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4bfdb2a8f9f3cf83c656c7f25352d46c46a58f5b685a407cf7210aecdc1464f7",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9287520644ae33bd6655555fff86b4f026c7f3d1d838ead02b676172450bbb27",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "FILE_NAME",
    "value": "mnvqlprtyntv",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "FILE_NAME",
    "value": "ktkhzktujk",
    "published": "2026-05-05T17:14:25+03:00",
    "briefs": "ClickFix Campaign Delivers SectopRAT via EtherHiding & BYOI Python"
  },
  {
    "type": "IP_ADDRESS",
    "value": "205.209.116.54",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "IP_ADDRESS",
    "value": "161.132.49.114",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "IP_ADDRESS",
    "value": "141.11.89.42",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "IP_ADDRESS",
    "value": "132.243.172.2",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "IP_ADDRESS",
    "value": "152.32.173.138",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "URL",
    "value": "http://205.209.116.54:2013/vsgbt.exe",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "URL",
    "value": "http://205.209.116.54:2013/hjchhb.exe",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "URL",
    "value": "http://161.132.49.114/config.js",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "URL",
    "value": "http://141.11.89.42/fanwei0324.msi",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "URL",
    "value": "http://132.243.172.2/config/xx.ps1",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "URL",
    "value": "http://132.243.172.2/w-2026/x.ps1",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "147ac3f24b2b63544d65070007888195a98d30e380f2d480edffb3f07a78377f",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "FILE_NAME",
    "value": "vsgbt.exe",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "FILE_NAME",
    "value": "hjchhb.exe",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "FILE_NAME",
    "value": "nvm.exe",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "FILE_NAME",
    "value": "fanwei0324.msi",
    "published": "2026-05-04T18:20:37+03:00",
    "briefs": "Ping, Payload, PowerShell: Active Exploitation of CVE-2026-22679 in Weaver E-cology"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "1d9e4ece8e13c8eaf94cb858470d1bd8f81bb58f62583552303774fa1579edee",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "258257560fe2f1c2cc3924eae40718c829085b52ae3436b4e46d2565f6996271",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a1da198bb4e883d077a0e13351bf2c3acdea10497152292e873d79d4f7420211",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "86282ebcd3bebf50f087f2c6b00c62caa667cdcb53558033d85acd39e3d88b41",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "FILE_NAME",
    "value": "tmp.987654321.lock",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "DOMAIN",
    "value": "audit.checkmarx.cx",
    "published": "2026-05-04T11:22:01+03:00",
    "briefs": "TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages"
  },
  {
    "type": "IP_ADDRESS",
    "value": "166.88.61.35",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://sheets.googleapis.com:443/v4/spreadsheets/1z8ykHVYh9DF-b_BFDA9c4Q2ojfrgl-fq1v797Y5576Y",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://sheets.googleapis.com:443/v4/spreadsheets/14H0Gm6xgc2p3gpIB5saDyzSDqpVMKGBKIdkVGh2y1bo",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "EMAIL",
    "value": "john.doe89e@gmail.com",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://3008.filemail.com/api/file/get?filekey=DeHjMusPPgDt5EsWxOcgYCfRh5yI6MIIg7vvwn9yFEzh93Cts5UxrfXMYEPiMWffVCp36UCsVgYSlC47WGdjHZ7m9bAw0QWcgqQZcg&pk_vid=007318ac7ca53d8717482475404ed5a2",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "1a2530010ecb11f0ce562c0db0380416a10106e924335258ccbba0071a19c852",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "084b92365a25e6cd5fc43efe522e5678a2f1e307bf69dd9a61eb37f81f304cc6",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "85e4809e80e20d9a532267b22d7f898009e74ed0dbf7093bfa9a8d2d5403f3f9",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "338f072cc1e08f1ed094d88aa398472e3f04a8841be2ff70f1c7a2e4476d8ef7",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "13fad7c6d0accb9e0211a7b26849cf96c333cf6dfa21b40b65a7582b79110e4b",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d783c40c0e15b73b62f28d611f7990793b7e5ba2436e203000a22161e0a00d0e",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "1016ba708fb21385b12183b3430b64df10a8a1af8355b27dd523d99ca878ffbb",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bab8618bc6fc3fdfa7870b5fe0f52b570fabf0243d066f410a7e76ebeed0088c",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0d992762c69d624a1f14a8a230f8a7d36d190b49e787fd146e9010e943c5ef78",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ec5fef700d1ed06285af1f2d01fa3db5ea924de3c2da2f0e6b7a534f69d8409c",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "82ecfe0ada6f7c0cea78bca2e8234241f1a1b8670b5b970df5e2ee255c3a56ef",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "cd009ea4c682b61963210cee16ed663eee20c91dd56483d456e03726e09c89a7",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bbdad59db64c48f0a9eb3e8f2600314b0e3ebd200e72fa96bf5a84dd29d64ac5",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "fc8f7185a90af4bf44332e85872aa7c190949e3ec70055a38af57690b6604e3c",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "EMAIL",
    "value": "amelia_w_chavez@proton.me",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "EMAIL",
    "value": "lisan_0818@outlook.com",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "DOMAIN",
    "value": "moctw.info",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://api.moctw.info/Intro.pdf",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://api.moctw.info/Document-2025.4.25.pdf",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://api.moctw.info/Install.zip",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://brilliant-bubblegum-137cfe.netlify.app/files/Introduction%20Document.zip",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "DOMAIN",
    "value": "ema.moctw.info",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "DOMAIN",
    "value": "www.twmoc.info",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "80.85.156.234",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "82.118.16.72",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "45.141.139.222",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "80.85.156.237",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "80.85.154.48",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "31.192.234.97",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "80.85.154.101",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "80.85.157.116",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "80.85.157.145",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "IP_ADDRESS",
    "value": "82.118.16.106",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7bffd21315e324ef7d6c4401d1bf955817370b65ae57736b20ced2c5c08b9814",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9b2cbcf2e0124d79130c4049f7b502246510ab681a3a84224b78613ef322bc79",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4ee77f1261bb3ad1d9d7114474a8809929f4a0e7f9672b19048e1b6ac7acb15c",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d3a71c6b7f4be856e0cd66b7c67ca0c8eef250bc737a648032d9d67c2c37d911",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "366d7de8a941daa6a303dc3e39af60b2ffacaa61d5c1fb84dd1595a636439737",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d51c195b698c411353b10d5b1795cbc06040b663318e220a2d121727c0bb4e43",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ffd69146c5b02305ac74c514cab28d5211a473a6c28d7366732fdc4797425288",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "DOMAIN",
    "value": "accshieldportal.com",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "DOMAIN",
    "value": "acesportal.com",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://ttot.accshieldportal.com/v3/ls/click/?c=b5c64761",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://aqrm.accshieldportal.com/v2/account/validate/?vid=35f46f46",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://acesportal.com/T/bfzWhb",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "URL",
    "value": "https://acesportal.com/T/KRfzAH",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "EMAIL",
    "value": "menglunwuluegg226@proton.me",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "EMAIL",
    "value": "lonelyboymaoxcz231@proton.me",
    "published": "2026-04-27T15:34:32+03:00",
    "briefs": "Phish and Chips: China-Aligned Actors Target Taiwan Semiconductor Industry"
  },
  {
    "type": "DOMAIN",
    "value": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
    "published": "2026-04-21T12:00:00+00:00",
    "briefs": "Vercel April 2026 Security Incident: Supply Chain OAuth Compromise via Context.ai"
  },
  {
    "type": "IP_ADDRESS",
    "value": "24.242.93.122",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "IP_ADDRESS",
    "value": "73.135.228.98",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "IP_ADDRESS",
    "value": "157.131.172.74",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "IP_ADDRESS",
    "value": "67.21.178.234",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.127.171.133",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "IP_ADDRESS",
    "value": "76.70.74.63",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "IP_ADDRESS",
    "value": "104.32.172.247",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "IP_ADDRESS",
    "value": "85.238.66.242",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "IP_ADDRESS",
    "value": "198.52.166.197",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "EMAIL",
    "value": "shinycorp@tutanota.com",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "EMAIL",
    "value": "shinygroup@onionmail.com",
    "published": "2026-04-20T04:18:19+00:00",
    "briefs": "Vishing for Access: ShinyHunters SaaS Data Theft Expansion"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "996e68f2fe1c8bb091f34e9bf39fd34d95c3e21508def1f54098a1874bfb825e",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6784e652f304bf8e43b42c29ad8dd146dd384fa9536b9c6640dfbc370c3e78de",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e451287843b3927c6046eaabd3e22b929bc1f445eec23a73b1398b115d02e4fb",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "088f2aced9ed60c2ce853b065f57691403459e1e0d167891d6849e1b58228173",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6e2c39d0c00a6a8eef33f9670f941a88c957d3c1e9496392beedc98af14269a2",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "IP_ADDRESS",
    "value": "162.125.3.18",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "IP_ADDRESS",
    "value": "104.16.100.29",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "DOMAIN",
    "value": "sean-referrals-commissions-electricity.trycloudflare.com",
    "published": "2026-04-15T12:00:00+03:00",
    "briefs": "A Peek Into Muddled Libra's Operational Playbook"
  },
  {
    "type": "DOMAIN",
    "value": "claude-code-app.gitlab.io",
    "published": "2026-04-14T12:00:00+00:00",
    "briefs": "Malvertising & SEO Poisoning Exploit Claude Code Interest to Deliver Infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "claude-desktop-app.bitbucket.io",
    "published": "2026-04-14T12:00:00+00:00",
    "briefs": "Malvertising & SEO Poisoning Exploit Claude Code Interest to Deliver Infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "jpbassin.com",
    "published": "2026-04-14T12:00:00+00:00",
    "briefs": "Malvertising & SEO Poisoning Exploit Claude Code Interest to Deliver Infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "a2abotnet.com",
    "published": "2026-04-14T12:00:00+00:00",
    "briefs": "Malvertising & SEO Poisoning Exploit Claude Code Interest to Deliver Infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "claude-code.official-version.com",
    "published": "2026-04-14T12:00:00+00:00",
    "briefs": "Malvertising & SEO Poisoning Exploit Claude Code Interest to Deliver Infostealers"
  },
  {
    "type": "DOMAIN",
    "value": "scan.aquasecurtiy.org",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "DOMAIN",
    "value": "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "DOMAIN",
    "value": "plug-tab-protective-relay.trycloudflare.com",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "IP_ADDRESS",
    "value": "45.148.10.212",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e64e152afe2c722d750f10259626f357cdea40420c5eedae37969fbf13abbecf",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1113243",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "FILE_NAME",
    "value": "tpcp.tar.gz",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "FILE_NAME",
    "value": "sysmon.py",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "FILE_NAME",
    "value": "entrypoint.sh",
    "published": "2026-03-24T14:30:08+02:00",
    "briefs": "Trivy Supply Chain Compromise: TeamPCP CI/CD Credential Theft"
  },
  {
    "type": "URL",
    "value": "https://api.skycloudcenter.com/a/chat/s/70521ddf-a2ef-4adf-9cf0-6d8e24aaa821",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://api.wiresguard.com/users/admin",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://api.wiresguard.com/update/v1",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://api.wiresguard.com/api/FileUpload/submit",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://59.110.7.32:8880/uffhxpSy",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://59.110.7.32:8880/api/getBasicInfo/v1",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://59.110.7.32:8880/api/Metadata/submit",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://124.222.137.114:9999/3yZR31VK",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://124.222.137.114:9999/api/updateStatus/v1",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "http://124.222.137.114:9999/api/Info/submit",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "https://api.wiresguard.com/users/system",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "https://api.wiresguard.com/api/getInfo/v1",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "URL",
    "value": "https://api.wiresguard.com/api/Info/submit",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "DOMAIN",
    "value": "api.skycloudcenter.com",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "DOMAIN",
    "value": "api.wiresguard.com",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "95.179.213.0",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "61.4.102.97",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "59.110.7.32",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "124.222.137.114",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "8ea8b83645fba6e23d48075a0d3fc73ad2ba515b4536710cda4f1f232718f53e",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2da00de67720f5f13b17e9d985fe70f10f153da60c9ab1086fe58f069a156924",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "77bfea78def679aa1117f569a35e8fd1542df21f7e00e27f192c907e61d63a2e",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3bdc4c0637591533f1d4198a72a33426c01f69bd2e15ceee547866f65e26b7ad",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0a9b8df968df41920b6ff07785cbfebe8bda29e6b512c94a3b2a83d10014d2fd",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4c2ea8193f4a5db63b897a2d3ce127cc5d89687f380b97a1d91e0c8db542e4f8",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e7cd605568c38bd6e0aba31045e1633205d0598c607a855e2e1bca4cca1c6eda",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "078a9e5c6c787e5532a7e728720cbafee9021bfec4a30e3c2be110748d7c43c5",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b4169a831292e245ebdffedd5820584d73b129411546e7d3eccf4663d5fc5be3",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7add554a98d3a99b319f2127688356c1283ed073a084805f14e33b4f6a6126fd",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "fcc2765305bcd213b7558025b2039df2265c3e0b6401e4833123c461df2de51a",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a511be5164dc1122fb5a7daa3eef9467e43d8458425b15a640235796006590c9",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9276594e73cda1c69b7d265b3f08dc8fa84bf2d6599086b9acc0bb3745146600",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f4d829739f2d6ba7e3ede83dad428a0ced1a703ec582fc73a4eee3df3704629a",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4a52570eeaf9d27722377865df312e295a7a23c3b6eb991944c2ecd707cc9906",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "831e1ea13a1bd405f5bda2b9d8f2265f7b1db6c668dd2165ccc8a9c4c15ea7dd",
    "published": "2026-02-03T17:59:08+02:00",
    "briefs": "The Chrysalis Backdoor: Vulnerable Notepad++ Updater Abuse by a Chinese APT Campaign"
  },
  {
    "type": "DOMAIN",
    "value": "cdn.jsdelivr.net",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "DOMAIN",
    "value": "sec-t2.fainerkern.ru",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "DOMAIN",
    "value": "svc-int-api-identity-token-issuer-v2-mn.in.net",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "DOMAIN",
    "value": "gcdnb.pbrd.co",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "DOMAIN",
    "value": "iili.io",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "DOMAIN",
    "value": "s6.imgcdn.dev",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "IP_ADDRESS",
    "value": "212.34.138.4",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b61fe68f0b1bef12eed8a34769120d77579af9d3c529ac48dfe82a08eefa001b",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "64d723ead9b43a049f9c8e23c8d4ec09ffabeac2d9b079c863c89a4aab7c9a45",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9c35e9f637365706c00acaa050a4510adfcb47e7052b870c6d07f6d4464ac2d2",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3df78f628494b9d8d560ee2841fc3b5da6eecf9397f693f4416dab9e573ce38f",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bbfc4b48676aa78b5f18b50e733837a94df744da329fe5b1b7ba6920d9e02dc3",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "5339d1169e2187a482fcbc86ea94e9799bb9dbaf264622595ee6e94b54b51778",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d8db6df5c28db9967206c652d5f48d46b6f863b4c4abb2f234ce8f41aea601cc",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "18dad9cb91fb97a817e00fa0cd1cb9ab59f672b8ddab29f72708787f19bf6aa1",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "FILE_NAME",
    "value": "herf54",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "FILE_NAME",
    "value": "basic.ics",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "FILE_NAME",
    "value": "qhs9hr5gPqez.png",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "FILE_NAME",
    "value": "fOa2bcJ.png",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "FILE_NAME",
    "value": "YzkCM2.png",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "FILE_NAME",
    "value": "SyncAppvPublishingServer.vbs",
    "published": "2026-01-28T21:06:00+02:00",
    "briefs": "Novel ClickFix Chain Delivers Amatera Stealer"
  },
  {
    "type": "DOMAIN",
    "value": "regsvchst.com",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "DOMAIN",
    "value": "holapor67.top",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "IP_ADDRESS",
    "value": "85.239.34.91",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "IP_ADDRESS",
    "value": "86.106.85.36",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "EMAIL",
    "value": "mimikatzlogs@anti.pm",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "EMAIL",
    "value": "mimikatz@anti.pm",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "8fe746dd277e644fa0337db3394f0eadfafe57df029e13df9feef25c536adf4d",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "dbe9ed8e8e8cdff3670e7205cb9f11b5a0fa9d1983a6c6bab67527d8775c4ffd",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "38ddde36929a2ddf13b1844973550072c41004187eaa2456f86e20aa93036b18",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a068f595472c4f94baf1c2a8fba6831a327514e24ec4b38e1eee2cf1646b1591",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e129dd5cc80f39b24db489df999c847335d169910bd966814d2f81b0b1bbc365",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "dd29138bf369863c33402a3fc995458ab5fc015a13a9378022131ab31d940c9f",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d1347f4dccebf2fcd672dcef9c66c91b9d3f12b9881e3e390626927718fda616",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6ce228240458563d73c1c3cbbd04ef15cb7c5badacc78ce331848f5431b406cc",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e705f69afd97f343f3c1f2bc6027d30935a0bfd29ff025c563f6f8c1f9a7478e",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "792182b7c5a56e5ccefd32073dc374e66c6a4e7981075e3804f49a276878e0fb",
    "published": "2026-01-22T12:03:29+02:00",
    "briefs": "Qilin Ransomware Targets Pathology Associates of Saint Thomas"
  },
  {
    "type": "FILE_NAME",
    "value": "/tmp/processor.sh",
    "published": "2025-09-28T17:01:09+03:00",
    "briefs": "Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware"
  },
  {
    "type": "FILE_NAME",
    "value": "/tmp/migrate-repos.sh",
    "published": "2025-09-28T17:01:09+03:00",
    "briefs": "Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware"
  },
  {
    "type": "URL",
    "value": "webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7",
    "published": "2025-09-28T17:01:09+03:00",
    "briefs": "Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09",
    "published": "2025-09-28T17:01:09+03:00",
    "briefs": "Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware"
  },
  {
    "type": "IP_ADDRESS",
    "value": "154.41.95.2",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "176.65.149.100",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "179.43.159.198",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "44.215.108.109",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.130.47.58",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.207.107.130",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.220.101.133",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.220.101.143",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.220.101.164",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.220.101.167",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.220.101.169",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.220.101.180",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.220.101.185",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.220.101.33",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "192.42.116.179",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "192.42.116.20",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "195.47.238.178",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "195.47.238.83",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "194.15.36.117",
    "published": "2025-09-21T15:28:48+03:00",
    "briefs": "Widespread Data Theft Targets Salesforce Instances via Salesloft Drift"
  },
  {
    "type": "IP_ADDRESS",
    "value": "166.88.114.203",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "IP_ADDRESS",
    "value": "192.9.246.161",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "accounts.mzvyci.icu",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "accounts.nfutdb.icu",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "accounts.oyswkt.cfd",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "newnewdomnewcgbdhghjhi.prophfrot.top",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "newnewdomnewebjjfjegfd.eeocl.com",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "newnewdomnewdihbddahf.access-point.icu",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "securedauthxxccbgchgfj.xhfwez.icu",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "securedauthxxdcigbjdddj.losozr.icu",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "securedauthxxeafihgjdhb.dcohcv.icu",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "voidproxy.8da1ae5af7f283.166.88.114.203.sslip.io",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "voidproxy.d615123c2192ee.198.23.197.163.sslip.io",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "voidproxy.c2d56d07339c96.c09f63a1.nip.io",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "voidproxy.672d6b84579b84.c21ac039.nip.io",
    "published": "2025-09-21T15:24:38+03:00",
    "briefs": "Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework"
  },
  {
    "type": "DOMAIN",
    "value": "ticket-louisvuitton.com",
    "published": "2025-09-21T15:21:59+03:00",
    "briefs": "Threat Spotlight: ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration"
  },
  {
    "type": "DOMAIN",
    "value": "ticket-dior.com",
    "published": "2025-09-21T15:21:59+03:00",
    "briefs": "Threat Spotlight: ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration"
  },
  {
    "type": "DOMAIN",
    "value": "dashboard-salesforce.com",
    "published": "2025-09-21T15:21:59+03:00",
    "briefs": "Threat Spotlight: ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration"
  },
  {
    "type": "DOMAIN",
    "value": "ticket-lvmh.com",
    "published": "2025-09-21T15:21:59+03:00",
    "briefs": "Threat Spotlight: ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration"
  },
  {
    "type": "IP_ADDRESS",
    "value": "80.64.16.87",
    "published": "2025-09-21T15:09:14+03:00",
    "briefs": "Ransomware Gangs Collapse as Qilin Seizes Control"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.196.10.19",
    "published": "2025-09-21T15:09:14+03:00",
    "briefs": "Ransomware Gangs Collapse as Qilin Seizes Control"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.208.156.157",
    "published": "2025-09-21T15:09:14+03:00",
    "briefs": "Ransomware Gangs Collapse as Qilin Seizes Control"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "31c3574456573c89d444478772597db40f075e25c67b8de39926d2faa63ca1d8",
    "published": "2025-09-21T15:09:14+03:00",
    "briefs": "Ransomware Gangs Collapse as Qilin Seizes Control"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "C9707a3bc0f177e1d1a5587c61699975b1153406962d187c9a732f97d8f867c5",
    "published": "2025-09-21T15:09:14+03:00",
    "briefs": "Ransomware Gangs Collapse as Qilin Seizes Control"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "13cda19a9bf493f168d0eb6e8b2300828017b0ef437f75548a6c50bfb4a42a09",
    "published": "2025-09-21T15:09:14+03:00",
    "briefs": "Ransomware Gangs Collapse as Qilin Seizes Control"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a7f2a21c0cd5681eab30265432367cf4b649d2b340963a977e70a16738e955ac",
    "published": "2025-09-21T15:09:14+03:00",
    "briefs": "Ransomware Gangs Collapse as Qilin Seizes Control"
  },
  {
    "type": "IP_ADDRESS",
    "value": "109.205.195.211",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "IP_ADDRESS",
    "value": "188.40.187.145",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "IP_ADDRESS",
    "value": "172.96.137.160",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "IP_ADDRESS",
    "value": "170.130.55.223",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "IP_ADDRESS",
    "value": "193.242.184.150",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "IP_ADDRESS",
    "value": "83.229.17.60",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.174.100.203",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "DOMAIN",
    "value": "ev2sirbd269o5j.org",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "DOMAIN",
    "value": "2rxyt9urhq0bgj.org",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "DOMAIN",
    "value": "opmanager.pro",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "DOMAIN",
    "value": "angryipscanner.org",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "DOMAIN",
    "value": "axiscamerastation.org",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "DOMAIN",
    "value": "ip-scanner.org",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "18b8e6762afd29a09becae283083c74a19fc09db1f2c3412c42f1b0178bc122a",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "de730d969854c3697fd0e0803826b4222f3a14efe47e4c60ed749fff6edce19d",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6ba5d96e52734cbb9246bcc3decf127f780d48fa11587a1a44880c1f04404d23",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a6df0b49a5ef9ffd6513bfe061fb60f6d2941a440038e2de8a7aeb1914945331",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a14506c6fb92a5af88a6a44d273edafe10d69ee3d85c8b2a7ac458a22edf68d2",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "186b26df63df3b7334043b47659cba4185c948629d857d47452cc1936f0aa5da",
    "published": "2025-09-21T11:06:08+03:00",
    "briefs": "From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira"
  },
  {
    "type": "IP_ADDRESS",
    "value": "91.107.190.236",
    "published": "2025-09-21T11:03:04+03:00",
    "briefs": "Citrix Forgot to Tell You CVE-2025–6543 Has Been Used as a Zero Day Since May 2025"
  },
  {
    "type": "IP_ADDRESS",
    "value": "88.119.169.150",
    "published": "2025-09-21T11:03:04+03:00",
    "briefs": "Citrix Forgot to Tell You CVE-2025–6543 Has Been Used as a Zero Day Since May 2025"
  },
  {
    "type": "IP_ADDRESS",
    "value": "38.60.245.99",
    "published": "2025-09-21T11:03:04+03:00",
    "briefs": "Citrix Forgot to Tell You CVE-2025–6543 Has Been Used as a Zero Day Since May 2025"
  },
  {
    "type": "IP_ADDRESS",
    "value": "101.99.91.107",
    "published": "2025-09-21T11:03:04+03:00",
    "briefs": "Citrix Forgot to Tell You CVE-2025–6543 Has Been Used as a Zero Day Since May 2025"
  },
  {
    "type": "IP_ADDRESS",
    "value": "84.55.67.133",
    "published": "2025-09-21T11:03:04+03:00",
    "briefs": "Citrix Forgot to Tell You CVE-2025–6543 Has Been Used as a Zero Day Since May 2025"
  },
  {
    "type": "IP_ADDRESS",
    "value": "194.36.37.5",
    "published": "2025-09-21T11:03:04+03:00",
    "briefs": "Citrix Forgot to Tell You CVE-2025–6543 Has Been Used as a Zero Day Since May 2025"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "82ED942A52CDCF120A8919730E00BA37619661A3",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "F02DAF614109F39BABDCB6F8841DD6981E929D70",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "C0979EC20B87084317D1BFA50405F7149C3B5C5F",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "EFF7919D5DE737D9A64F7528E86E3666051A49AA",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "0A15BE464A603B1EEBC61744DC60510CE169E135",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "D5A050C73346F01FC9AD767D345ED36C221BAAC2",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "987834891CEA821BCD3CE1F6D3E549282D38B8D3",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "86A2A93A31E0151888C52DBBC8E33A7A3F4357DB",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "DCAED7526CDA644A23DA542D01017D48D97C9533",
    "published": "2025-09-17T18:13:51+03:00",
    "briefs": "Driver of Destruction: How a Legitimate Driver Is Being Used To Take Down AV Processes"
  },
  {
    "type": "URL",
    "value": "https://googl-6c11f.firebaseapp.com/job/file-846873865383.html",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "URL",
    "value": "https://googl-6c11f.web.app/job/9867648797586_Scan_15052025-736574.html",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "URL",
    "value": "http://192.3.95.152/cloudshare/atr/pull.pdf",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "URL",
    "value": "http://192.3.95.152/cloudshare/atr/trm",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "URL",
    "value": "http://onlineview-5e3cf.web.app/sharepoint/commande/rid=65476386546.html",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "URL",
    "value": "https://web-16fe.app",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "URL",
    "value": "https://cloud-ed980.firebaseapp.com",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "53192b6ba65a6abd44f167b3a8d0e52d",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "4cd73946b68b2153dbff7dee004012c3",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "B91162a019934b9cb3c084770ac03efe",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "IP_ADDRESS",
    "value": "192.3.95.152",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment"
  },
  {
    "type": "DOMAIN",
    "value": "doculuma.com",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "DOMAIN",
    "value": "fatoreader.com",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "DOMAIN",
    "value": "fatoreader.net",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "DOMAIN",
    "value": "gamascript.com",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "DOMAIN",
    "value": "verdascript.com",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "URL",
    "value": "ajsdiaolke.shop/endpoint",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "URL",
    "value": "daslkjfhi2.lol/page",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "URL",
    "value": "http://mylittlecabbage.net/qhsddxna",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "URL",
    "value": "https://oazevents.com/loader.html",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "194577a7e20bdcc7afbb718f502c134c",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "602e1f42d73cadcd73338ffbc553d5a2",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "9701fec71e5bbec912f69c8ed63ffb6dba21b9cca7e67da5d60a72139c1795d1",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "07e0c15adc6fcf6096dd5b0b03c20145171c00afe14100468f18f01876457c80",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "11909c0262563f29d28312baffb7ff027f113512c5a76bab7c5870f348ff778f",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "IP_ADDRESS",
    "value": "91.222.173.113",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  },
  {
    "type": "IP_ADDRESS",
    "value": "77.221.157.170",
    "published": "2025-09-14T13:30:14+03:00",
    "briefs": "ClickFix Emerges as Second Most Popular Initial Access Vector"
  }
]