{ "type": "bundle", "id": "bundle--ccd26b95-0b93-4742-a514-2624e006ab24", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--44472064-c7ea-431d-81db-017ee8e2d318", "created": "2026-04-01T06:12:41.774543Z", "modified": "2026-04-01T06:19:23.493067Z", "name": "SafeDep", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--28e8eedf-c3de-4146-960d-93c3250ea0b8", "value": "hwsrv-1327785.hostwindsdns.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--6e08e0f5-23e3-484f-9249-d5e15d1ce6dc", "value": "hwsrv-1327786.hostwindsdns.com" }, { "type": "url", "spec_version": "2.1", "id": "url--09dbcbdc-9d03-4fb7-b1a9-27dd077d2b56", "value": "https://23.254.164.123/49890878" }, { "type": "file", "spec_version": "2.1", "id": "file--43d934c8-1650-4b14-aa97-45a88a0cde4e", "hashes": { "MD5": "c18fd75526533dfc90e91e2fb80effaf", "SHA-1": "cd1129d1522a553d0365c433657cee39e4fae82d", "SHA-256": "221c45a790dec2a296af57969e1165a16f8f49733aeab64c0bbd768d9943badf" } }, { "type": "file", "spec_version": "2.1", "id": "file--1c557bdf-379a-44dc-a0e1-d5ded122fb4e", "hashes": { "SHA-256": "4a8860240e4231c3a74c81949be655a28e096a7d72f38fbe84e5b37636b98417" } }, { "type": "file", "spec_version": "2.1", "id": "file--b8f8c564-78c3-40b3-a716-1a07669617cb", "hashes": { "MD5": "b13415f8c734e0d45aeca083ffcfe153", "SHA-1": "4727365754cc41e4ba5a483f328289fd09a54651", "SHA-256": "ae70dd4f6bc0d1c8c2848e4e6b51934626c4818dcb5af99d080ddbd7dc337185" } }, { "type": "url", "spec_version": "2.1", "id": "url--ba013c36-9b6e-4b21-bd99-3c5f684f5845", "value": "https://23.254.164.92:8000/update/49890878" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--b65a715f-2d52-4218-a4c2-c9cbadde923a", "value": "23.254.164.123" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--8a8d00b1-00b9-4f71-ab55-b7bf3734edcf", "value": "23.254.164.92" }, { "type": "report", "spec_version": "2.1", "id": "report--1fd0c701-2619-4dbd-a2a6-219e98571f9f", "created_by_ref": "identity--44472064-c7ea-431d-81db-017ee8e2d318", "created": "2026-06-24T15:44:04.14056Z", "modified": "2026-06-24T15:44:04.14056Z", "name": "Mastra npm Scope Takeover: 143 Packages Drop a RAT", "published": "2026-06-17T00:00:00Z", "object_refs": [ "identity--44472064-c7ea-431d-81db-017ee8e2d318", "domain-name--28e8eedf-c3de-4146-960d-93c3250ea0b8", "domain-name--6e08e0f5-23e3-484f-9249-d5e15d1ce6dc", "url--09dbcbdc-9d03-4fb7-b1a9-27dd077d2b56", "file--43d934c8-1650-4b14-aa97-45a88a0cde4e", "file--1c557bdf-379a-44dc-a0e1-d5ded122fb4e", "file--b8f8c564-78c3-40b3-a716-1a07669617cb", "url--ba013c36-9b6e-4b21-bd99-3c5f684f5845", "ipv4-addr--b65a715f-2d52-4218-a4c2-c9cbadde923a", "ipv4-addr--8a8d00b1-00b9-4f71-ab55-b7bf3734edcf" ], "external_references": [ { "source_name": "source", "url": "https://safedep.io/mastra-npm-scope-takeover-supply-chain-attack/" } ] } ] }