{ "type": "bundle", "id": "bundle--0dd9833e-7f3d-4db4-bee0-a939932208f5", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--a5882289-a378-468a-83db-d6aadb5937d7", "created": "2025-01-31T09:24:41.436802Z", "modified": "2025-01-31T09:32:25.332836Z", "name": "Socket", "identity_class": "organization" }, { "type": "file", "spec_version": "2.1", "id": "file--d46d10d7-9613-425f-96a5-bd5e5717698e", "hashes": { "MD5": "ea5f9ef6c5cd7884d34c4baff0bc71d0", "SHA-1": "d920f76dd18f5c6cb789f1ecd105254ff1473b9d", "SHA-256": "9570f77a5e1511869f4e554e7166df9fde081f2583e293c2569621792ed7d9c9" } }, { "type": "file", "spec_version": "2.1", "id": "file--e8726f8e-ff2e-4d6b-b637-35782041b977", "hashes": { "MD5": "a84412efcc457c5666f23b3d44cae281", "SHA-1": "ae81b945ae8fe52211c399ffdafd45c77d8c1fab", "SHA-256": "cdec8b20338beb708b5be8d3d7a3041a35a8b0fb92f9186262f312d55ff82066" } }, { "type": "file", "spec_version": "2.1", "id": "file--019609ee-3812-456b-932a-4bc6a57c1812", "hashes": { "SHA-256": "c38954e85bf5433e61e7c8f4230336695624ae88b6953afabf7bf817aa91b638" } }, { "type": "url", "spec_version": "2.1", "id": "url--1ed30f82-98f3-499c-aba7-0b4cd9632813", "value": "https://23.254.164.123:443/49890878" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--28e8eedf-c3de-4146-960d-93c3250ea0b8", "value": "hwsrv-1327785.hostwindsdns.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--6e08e0f5-23e3-484f-9249-d5e15d1ce6dc", "value": "hwsrv-1327786.hostwindsdns.com" }, { "type": "file", "spec_version": "2.1", "id": "file--43d934c8-1650-4b14-aa97-45a88a0cde4e", "hashes": { "MD5": "c18fd75526533dfc90e91e2fb80effaf", "SHA-1": "cd1129d1522a553d0365c433657cee39e4fae82d", "SHA-256": "221c45a790dec2a296af57969e1165a16f8f49733aeab64c0bbd768d9943badf" } }, { "type": "file", "spec_version": "2.1", "id": "file--be59e800-62da-4b1d-b9ab-3df91626cba8", "hashes": { "MD5": "f29630beb594dbf25e738165705bb4a5", "SHA-1": "52baf9cedd288b0d53a5caed3e103487d9412ab9", "SHA-256": "b122a9873bedf145ae2a7fd024b5f309007dbb025149f4dc4ac3f7e4f32a36a4" } }, { "type": "url", "spec_version": "2.1", "id": "url--ba013c36-9b6e-4b21-bd99-3c5f684f5845", "value": "https://23.254.164.92:8000/update/49890878" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--b65a715f-2d52-4218-a4c2-c9cbadde923a", "value": "23.254.164.123" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--8a8d00b1-00b9-4f71-ab55-b7bf3734edcf", "value": "23.254.164.92" }, { "type": "report", "spec_version": "2.1", "id": "report--59a3368d-81ad-4a62-a5cf-c42347506e26", "created_by_ref": "identity--a5882289-a378-468a-83db-d6aadb5937d7", "created": "2026-06-24T15:42:41.027313Z", "modified": "2026-06-24T15:42:41.027313Z", "name": "140+ Mastra npm Packages Compromised in Coordinated Supply Chain Attack", "published": "2026-06-17T00:00:00Z", "object_refs": [ "identity--a5882289-a378-468a-83db-d6aadb5937d7", "file--d46d10d7-9613-425f-96a5-bd5e5717698e", "file--e8726f8e-ff2e-4d6b-b637-35782041b977", "file--019609ee-3812-456b-932a-4bc6a57c1812", "url--1ed30f82-98f3-499c-aba7-0b4cd9632813", "domain-name--28e8eedf-c3de-4146-960d-93c3250ea0b8", "domain-name--6e08e0f5-23e3-484f-9249-d5e15d1ce6dc", "file--43d934c8-1650-4b14-aa97-45a88a0cde4e", "file--be59e800-62da-4b1d-b9ab-3df91626cba8", "url--ba013c36-9b6e-4b21-bd99-3c5f684f5845", "ipv4-addr--b65a715f-2d52-4218-a4c2-c9cbadde923a", "ipv4-addr--8a8d00b1-00b9-4f71-ab55-b7bf3734edcf" ], "external_references": [ { "source_name": "source", "url": "https://socket.dev/blog/mastra-npm-packages-compromised" } ] } ] }