[
  {
    "type": "IP_ADDRESS",
    "value": "136.243.203.109",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "136.243.203.111",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "138.199.246.13",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "IP_ADDRESS",
    "value": "116.203.243.208",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "DOMAIN",
    "value": "pool.supportxmr.com",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "097a87cfa4a5186aba3bba096866692951bde59c6f0c2e8c1c4a599246d14da8",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "201594c9d173bba6cb509407ecba378c19b93da0a81a2182a913c480e6dbb54e",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "20bf39e1e67152039e70a01ad9e7b23c08d23d2a724ef9c44903f3d4353a2275",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "35dde1b2482b12582820a861e7c46f10721af6b75052fc872c05d2230a4e8ca1",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "43920ef7d2742d140a1ab2a1ef172c716903474c73561377dc4f1534d2c5f581",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "47d6d1a38534ba897a5a1e293e3d5df303bbd8e0526e756ad08887ffc1417bef",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "68ced9d7c1b1ff8ffb5f56c7d3f849d4fd16a1b95324426811424b40043d6d25",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6b7ff061eebeb9ead8812c410247768a7ba90786aeeb1bafa6412cc5b08237b5",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "739cdedb20de39aeb1f15dc8c2dbbf15fa993250fd879bf87443ff9aeaf4997b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "74df77b6a83d89fa137fd285a2efde36b1d62c00b3be81cc93df7d1e6e94837b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "8b40cc7d173efd27fb60f3d260acef28f58d67d1f39597e1d611db311a305f62",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9656d3301f63ef6114289739a1c44082206298f787238fc6c190ad87eab24751",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9b3df1b6c1b98c201de09a7719066f7bcae6b66a3173b703a617f53fddf67d51",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a17a972a05afe387ed32aa2986d5be8bca2f22619d0aedfa834c6963abfab3bf",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a4f979b4a5d7bc8bc455dd4c09b44e51a389576fccce35a2c8da3ce680237565",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a64843ebfbc39e96ec7613003b1b5c3a9b878874ea15a05e1d34ce91781ebfb6",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "aaa2bc1128d8b8b2da76262bf87ede19bac053cca6576efba6aaa71c9438c304",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b830f043076a12748b6a2dc0810ece85439ee77434d991ae7d84201b09ead756",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bb30cc2b302d9a6963109b201b78d4163bb6c2d7bc8bf5a66e9a744b62fc2717",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c328b78c21060e2203ac517833fce41572b91878e187f85fa434cd6914659834",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c7a4a547eb7f6b0b4b75bb6dd8955244bb2618ba234ae740cdedd7c2d30e3465",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d384c403c084967d8c967501ee6332b050af04ef424f13a3f5a88d155389d98c",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d6446f2803444bd2200d48a01a9ad7d487e67e8e831c9cd13f89cbfec17fd4e2",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d7c9c9469c513c05aa431fae34f414f91fcf3f794d3e76b6e4d0b92c4cd3ff2e",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d8c1f96107a3349e62b3ab9afc60f62af9c89b6961b637a26b71e1230f2b3b8a",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f0dcb7e407de85d8de8e2221df8dddecac8aec88af8975c9f07e14100f6edb88",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0a6a67a2fc4d79ec1cd8afc5b8b7a5e69a406e53d57a7334e097c5d0644de5f6",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "488d941b7b4428b0f4a0e5495e3857b9b96215fb3e7f164b06640d59096425e6",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "5d7324d8b5a25f862ef8223c6766d0e80af3ad168e17312b265e13a3a68e0ded",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7720e83c02a027d70ae201c393c1956aa2fa8199879a3a4c4fd1d20b03022cfd",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7e49da0ae2f81e14841f356b4d69f0480c2d9ce3fab5a3fa91b0036d9a36fa0f",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b8b5f6991a3a61083461d5269245bebf28b90934c328848ba8c1e084a5a6216c",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b927d265fa29e471c1ae0d31516e480c09c0fb17f480ad08ea8d5b73e84b7a1b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b9b6893fa6b04ee8daa29e515c08239ac5204af1a1fa2bc10006eede1b41329b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c7c37a973b14edd5b6b2da4a1497c593e43640735ff54aecc9a3288fa5e548e3",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d2148a458da46e81702136aa915312d360805f083d1f37ff5531db9fbdb8ad6d",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d7b56818c829960b692de9ad5a14e52669d953e9f074f7218c3fe34ede4a11a0",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "db2a872f712fbdb1e347d06e29a9ed8278d86710ffc14ff04422be76e47124f4",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "e9e5e748ec5c0b811c8e60b0e55059edb4d2df86ff3ca45969e57d5fecb11a38",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "03e6f4f49cec3af38bbec9ed64c195c7a85a630ec989efb3669f04a2993c1dd7",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "914c18a04a2727bba9cecab78a1d516ec3c7a3f667e0e5a6081aa0e9206a69fe",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d78082dc33c6dca98316e865efa9829c6eb5a97c2ca3cd4ea6c2123a5f6ae45b",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "15489bcd6e4602b41c9a787ec8d7ab027d5e45d400938048bb1c702ad5937980",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "169a330353e53a409e0109c914404354741ff1e1c64e501738dc05e58ea92abc",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2a02ec4af5ed591afdf1236a443e3b68642ee133f38a2857d1eada51246ab498",
    "published": "2026-07-16T12:02:20+03:00",
    "briefs": "Vidar Stealer and XMRig X3D MINER Cracked Software Campaign"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9b2e65db653ca8575c9b10eefb9a80c6006404812c2ec212bf5675e3c690233b",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d425e4583cc6185d41e95c45eda00550045a5d1919b9a012236a4520d009dbd7",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "bfaeb987faa6de2b5a5eb63b1233d055215b09b0349a9394f2175fd7cdf385e4",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "34014776d3d3ff11bc4439b02fd7ac0f02a887eb3a052eeafff236e2f6db8ad1",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "082d733db0687dcd768104972b065d4b58cb1e6043688c6c20fa3702337f36ab",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9e214f38537e69bf51c7fa1ddd35ae495e9cb897231ec010baf9e4f29407ee9a",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f873941d1907a97dc6c718fdecf59fd7d91f3f8212da2f7e5314b878b88bdc0b",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "550af477c12192a22f5c9edb9c8081c0a789b3a1a2992a7ecb157cca1c975e10",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "24b9ee242f21a73b55f7bb3297eafb33c60840907386b542ed79fc6b72365168",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9f1a709310824f9110c6203d861a721ebefba8b204a8657057fe57efb961c850",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "22bf76fe317ea6769bd38619bd440e42d119bd6b",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "a7e18d96efd3cdb127ef4cdcad9e3ad26c482bf2",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "9890950adcbc2478e7a080234f053214adbad44e",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "c70e105e212ff3c1daa04bb2a62507717f296b0b",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "SHA1_FILE_HASH",
    "value": "c8cb3f6d5b90c46686d2bf531dc1a5786e27edc5",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "IP_ADDRESS",
    "value": "85.137.53.71",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "URL",
    "value": "http://85.137.53.71:8080/api/v1/beacon",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "URL",
    "value": "http://85.137.53.71:8080/api/v1/file-result",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "FILE_NAME",
    "value": "miasma-monitor.service",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "FILE_NAME",
    "value": "SIMULATION_WIPE_TRIGGERED.txt",
    "published": "2026-07-15T13:28:21+03:00",
    "briefs": "AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "1ab58838e5790efb22f2d35ab98c0b7d",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "a7d7d6c4c3f227f7117261c63b9e23a9",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "3d3a621f852c42d97fd7260681e42508",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "3432dd9ac0df80ef86eb80bd080f839b",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "22aaeb4946ba6d2f2e27feb7dbb295de",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "f61fbfb7aa1cd5dc8f70b055b51563e2",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "f169d6d172dfb775895a5e2b1540c854",
    "published": "2026-07-09T23:49:02+03:00",
    "briefs": "ToddyCat APT's Umbrij Tool: Gmail OAuth Token Theft via DLL Sideloading and Browser Remote Debugging"
  },
  {
    "type": "IP_ADDRESS",
    "value": "176.123.4.44",
    "published": "2026-07-08T18:54:56+03:00",
    "briefs": "Storm-2949: Compromised Identity to Cloud-Wide Azure Breach"
  },
  {
    "type": "IP_ADDRESS",
    "value": "91.208.197.87",
    "published": "2026-07-08T18:54:56+03:00",
    "briefs": "Storm-2949: Compromised Identity to Cloud-Wide Azure Breach"
  },
  {
    "type": "IP_ADDRESS",
    "value": "185.241.208.243",
    "published": "2026-07-08T18:54:56+03:00",
    "briefs": "Storm-2949: Compromised Identity to Cloud-Wide Azure Breach"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2abe5dd3a057fdef935722e50e9251c272d29fd26113187b853a1f9a9cb89d9b",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "79f7b67ce8b39070f3e1c2b90fce0ce84134782a7dedcccc1edac197ee9e089b",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "3b7ae925e2d64522b4f69b56285b05aeca8c5aab5ab46a9c02c4fafb69d881ce",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "cd4e5e2c65b1660470d3446539ee68adf5faeece3eaeb46583623be9911ee145",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2ada24dd6e517f37942b749c2bd57ddd97445e9853002cee70a0bc30d0b0ce3a",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "IP_ADDRESS",
    "value": "77.110.122.58",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "IP_ADDRESS",
    "value": "213.165.41.26",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "cl.distritovagas.com",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "sonra.eutialyson.com",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "anus-staylard.xyz",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "pestrear-lamp.xyz",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "resumeacceptable.com",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "URL",
    "value": "https://cl.distritovagas.com/hte.hta",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "URL",
    "value": "https://sonra.eutialyson.com/inst24.msi",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "inst24.msi",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "cons_1.0.1.msi",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "hyper-v.ver",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "ek_kill_av.ps1",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "FILE_NAME",
    "value": "ek_disable_av.ps1",
    "published": "2026-07-02T15:36:20+03:00",
    "briefs": "Potemkin Loader ClickFix Intrusion: Multi-Stage Campaign Deploying RMMProject RAT and Blockchain-Resolved Backdoor"
  },
  {
    "type": "DOMAIN",
    "value": "cgky6bn6ux5wvlybtmm3z255igt52ljml2ngnc5qp3cnw5jlglamisad.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "gfoqsewps57xcyxoedle2gd53o6jne6y5nq5eh25muksqwzutzq7b3ad.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "he5vnov645txpcv57el2theky2elesn24ebvgwfoewlpftksxp4fnxad.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "lyhizqy2js2eh6ufngkbzntouiikdek5zsdj3qwa22b4z6knpqorgiad.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "j3bv7g27oramhbxxuv6gl3dcyfmf44qnvju3offdyrap7hurfprq74qd.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "shinypogk4jjniry5qi7247tznop6mxdrdte2k6pdu5cyo43vdzmrwid.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "7goms4byw26kkbaanz5a5u5234gusot7rp5imzc3ozh66wwcvmcudjid.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "wt26llpl5k6gok3vnaxmucwgzv2wk3l7nuibbh25clghrtus3p5ctsid.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "DOMAIN",
    "value": "ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7630debd35cac6b7d58c4427695579b3e3a8b1cc462f523234cd6c698882a68c",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "a7abf1d9d6686af1cefcd60b17a312e7eb8cfe267def1ec34aeab6128c811630",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "23c1e673f315dafa14b73034a90dd3d393a984451ff6601b8be8142be6487b43",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "cf9fc891ea5ca5ecd8113ef3e69f6f52ff538b6cccbdaa9559106fc72bc6da30",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "100407796028bf3649752d9d2a67a0e4394d752eb8de86daa42920e814f3fae8",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d14b80cbd1a19d4ad0473a0661297f8fdf598e81ff6c4ab24e212dcad2e54b3f",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "9d90f54ae36c6c5435d5b8bed40faf54cc91f6db28574a6310b5ffaeb0362e96",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "67fc5cf395e28294bbb91ed0e954fdf2e80ebd9119022a115a42c286dc8bacf5",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "0020d23b0f9c5e6851a7f737af73fd143175ee47054931166369edd93338538a",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "35a6bc44b176a050fd6824904b7604f0f45b0fdfa26bf9500b9e05973b387cfd",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c824630154ac4fdfce94ded01f037c305eab51e9bef3f493c60ff3184a640502",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d43bf94f0cb0ab97c88113b7e07d1a4024d1610617b5ad05882b1dbab89e15ba",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b2777b73a4c33ac6a409d475057843be6b5d32262ef28a1f1ff5bb52e3834c5f",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "7787a9a7d8ae393aa32f257d083903c4dc9b97a1e5b0458c4cd480d4f3cb5b05",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f3b54984caca95fd496bcfe5d7db1611b08d2f5b7d250b43b430e5d76393f9e0",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "20db98af3037b197c8a846dbf17b87fc6f049c3e0d9a188f9b9a74d3916dd5e1",
    "published": "2026-07-01T12:00:39+03:00",
    "briefs": "CryptoBandits: Tor-Routed Crypto Clipper with USB Worm Propagation"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "56b08aa03bd8c0ea094cfeb03d5954ffd857bac42df929dc835eea62f32b09e0",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "baa980ae253101066ae7e551a354116454e8697ff2154a907c9885770cdae4ae",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "EMAIL",
    "value": "key.medusa.serviceteam@protonmail.com",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "EMAIL",
    "value": "medusasupport@cock.li",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "gaze.exe",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "smuol.sys",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "openrdp.bat",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "powerfun.ps1",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "FILE_NAME",
    "value": "!!!READ_ME_MEDUSA!!!.txt",
    "published": "2026-06-30T11:59:30+03:00",
    "briefs": "Medusa Ransomware - RaaS Double Extortion Against Critical Sectors"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "aaf5569c8e349c15028bc3fac09eb982efb06eabac955b705a6d447263658e38",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "013211c56caaa697914b5b5871e4998d0298902e336e373ebb27b7db30917eaf",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "57bd98dbb5a00e54f07ffacda1fea91451a0c0b532cd7d570e98ce2ff741c21d",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b3b6a992540da96375e4781afd3052118ad97cfe60ccf004d732f76678f6820a",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "22c15a32b69116a46eb5d0f2b228cc37cd1b5915a91ec8f38df79d3eed1da26b",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f7cda90174b806a34381d5043e89b23ba826abcc89f7abd520060a64475ed506",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "39b3d8a8aedffc1b40820f205f6a4dc041cd37262880e5030b008175c45b0c46",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "73fe8b8fb4bd7776362fd356fdc189c93cf5d9f6724f6237d829024c10263fe5",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "77b49c854afd6746fee393711b48979376fb910b34105c0e18a3fdc24ea31d5c",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "6a67a9769a55ec889a5dd4199b2fc08965d39d737838836853bc13c81c56a800",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ed907d39efd5750236b075ca9fbb1f090d7bf578578c38faab24210d298a60ae",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "24a11a26a2586f4fba7bfe89df2e21a0809ad85069e442da98c37c4add369a0c",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "IP_ADDRESS",
    "value": "149.248.11.71",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "FILE_NAME",
    "value": "vsm-boot-monitordvcenter",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "FILE_NAME",
    "value": "vsm-monitordvcenter",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "8af1c3f39b60072d4b68c77001d58109",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "MD5_FILE_HASH",
    "value": "c65d7f8accb57a95e3ea8a07fac9550f",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "DOMAIN",
    "value": "ms-azure.azdatastore.workers.dev",
    "published": "2026-06-25T16:47:57+03:00",
    "briefs": "BRICKSTORM: UNC5221 Espionage Campaign Targeting VMware Infrastructure and Microsoft Identity"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b122a9873bedf145ae2a7fd024b5f309007dbb025149f4dc4ac3f7e4f32a36a4",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "221c45a790dec2a296af57969e1165a16f8f49733aeab64c0bbd768d9943badf",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "ae70dd4f6bc0d1c8c2848e4e6b51934626c4818dcb5af99d080ddbd7dc337185",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "4a8860240e4231c3a74c81949be655a28e096a7d72f38fbe84e5b37636b98417",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "b73de25c053c3225a077738a1fcbd9ca6966d7b3cd6f5494a30f0aa0eae55c7e",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "50eae63d3e24be9ca8803f4b5a0408aef97ee3fab7af018d8c2dde7c359edd65",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "1d1bf5e8c1539d2f05b1429235b8f4990f87036774be95157b315a7803dd5526",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "FILE_NAME",
    "value": ".pkg_history",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "FILE_NAME",
    "value": ".pkg_logs",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "FILE_NAME",
    "value": "system.bat",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "FILE_NAME",
    "value": "protocal.cjs",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "IP_ADDRESS",
    "value": "23.254.164.92",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "IP_ADDRESS",
    "value": "23.254.164.123",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "DOMAIN",
    "value": "teams.onweblive.org",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "DOMAIN",
    "value": "maskasd.com",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "URL",
    "value": "https://23.254.164.92:8000/update/49890878",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "URL",
    "value": "https://teams.onweblive.org/api/update/8555575039/4",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "URL",
    "value": "https://maskasd.com/8555575039",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "EMAIL",
    "value": "sergey2016@tutamail.com",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "EMAIL",
    "value": "ehindero2016@tutamail.com",
    "published": "2026-06-21T17:32:02+03:00",
    "briefs": "Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.186",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.187",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.188",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.189",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "IP_ADDRESS",
    "value": "142.11.200.190",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "DOMAIN",
    "value": "azurenetfiles.net",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "URL",
    "value": "wss://azurenetfiles.net:443/agent.ashx",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "c7e9332731b06644fc73e0046a2a89eaa59b09f54250e9bd622467187351711f",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "f02a924c9ff92a8780ce812511341182c6b509d45bc59f3f7b522e37225d24fc",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "d83fdb9e53c5ff03c4cb0451ea1bebd79b53f29eadc1e2fa394c7af13a86ce2f",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "68257a6f9ff196179ec03624e849927f26599eb180a7c82e14ef5bc4e93bc309",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "SHA256_FILE_HASH",
    "value": "2ab684d93c1553fad87041b4dea97188a97e78589deee2a7bacff905564f3a35",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "FILE_NAME",
    "value": "meshagent32-azure-ops.exe",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "FILE_NAME",
    "value": "meshagent64-azure-ops.exe",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  },
  {
    "type": "FILE_NAME",
    "value": "README-IF-YOU-SEE-THIS-YOUVE-BEEN-HACKED.TXT",
    "published": "2026-06-18T16:27:33+03:00",
    "briefs": "ShinyHunters Exploits Oracle PeopleSoft Zero-Day"
  }
]