Threats Tagged 'ioc'

OffSeq Mirage honeypot sensors observed this SHA-256 file hash 7 time(s) in attacker activity between 2026-06-24 and 2026-06-24. Observed technique: T1105 (Ingress Tool Transfer). File hashes fingerprint a specific malicious payload (a dropper, web shell, miner, or post-exploitation tool) that was staged or delivered during the attack. Match it against files in your environment and your EDR/AV and threat-intel feeds.

OffSeq Mirage honeypot sensors observed this SHA-256 file hash 22 time(s) in attacker activity between 2026-06-24 and 2026-06-24. Observed technique: T1105 (Ingress Tool Transfer). File hashes fingerprint a specific malicious payload (a dropper, web shell, miner, or post-exploitation tool) that was staged or delivered during the attack. Match it against files in your environment and your EDR/AV and threat-intel feeds.

Four coordinated npm supply chain campaigns were active during May and June 2026, targeting the npm ecosystem with various sophisticated techniques including dependency confusion, namespace compromise, scope confusion, and typosquatting. These campaigns employ multi-stage postinstall execution chains that fetch and run platform-specific payloads, aiming to steal environment variables, CI/CD secrets, cloud metadata service tokens, and other sensitive credentials. The campaigns affect multiple platforms (Windows, macOS, Linux) and cloud environments (GCP, Azure). Detection relies on identifying version sentinels, cloud metadata endpoint access patterns, and characteristic postinstall behaviors. An open-source scanner with detection capabilities for these campaigns is available for community use.