{ "type": "bundle", "id": "bundle--8e9cc2b6-2d09-4949-9f23-9fa73e1f5dee", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--856c3fc6-486a-43be-9478-5ac6814df5a3", "created": "2026-03-31T08:31:49.722408Z", "modified": "2026-03-31T08:35:18.517396Z", "name": "StepSecurity", "identity_class": "organization" }, { "type": "url", "spec_version": "2.1", "id": "url--ba013c36-9b6e-4b21-bd99-3c5f684f5845", "value": "https://23.254.164.92:8000/update/49890878" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--b65a715f-2d52-4218-a4c2-c9cbadde923a", "value": "23.254.164.123" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--8a8d00b1-00b9-4f71-ab55-b7bf3734edcf", "value": "23.254.164.92" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--59981efc-dfde-4a77-8559-acc8a874404f", "value": "sergey2016@tutamail.com" }, { "type": "report", "spec_version": "2.1", "id": "report--46d3f7cd-724e-4063-a451-2262bb330969", "created_by_ref": "identity--856c3fc6-486a-43be-9478-5ac6814df5a3", "created": "2026-06-25T18:01:24.394525Z", "modified": "2026-06-25T18:01:24.394525Z", "name": "Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat", "published": "2026-06-17T00:00:00Z", "object_refs": [ "identity--856c3fc6-486a-43be-9478-5ac6814df5a3", "url--ba013c36-9b6e-4b21-bd99-3c5f684f5845", "ipv4-addr--b65a715f-2d52-4218-a4c2-c9cbadde923a", "ipv4-addr--8a8d00b1-00b9-4f71-ab55-b7bf3734edcf", "email-addr--59981efc-dfde-4a77-8559-acc8a874404f" ], "external_references": [ { "source_name": "source", "url": "https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js" } ] } ] }