
Commit 6eea10f

chore: update feeds 2026-03-30
1 parent 12a64bf commit 6eea10f

18 files changed

Lines changed: 15106 additions & 14768 deletions

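--- a/browser_extensions_list.csv
+++ b/browser_extensions_list.csv
@@ -1,4 +1,6 @@
 browser_extension,browser_extension_id_wildcard,browser_extension_id,metadata_category,metadata_type,metadata_link,metadata_comment,crx_file_sha256
+"","*nplfchpahihleeejpjmodggckakhglee*","plfchpahihleeejpjmodggckakhglee","malware","malicious","https://x.com/i/status/1907925793336078675","bank credential stealer",""
+"","*ckkjdiimhlanonhceggkfjlmjnenpmfm*","ckkjdiimhlanonhceggkfjlmjnenpmfm","malware","malicious","https://x.com/i/status/1907925793336078675","bank credential stealer",""
 "Chrome MCP Server - AI Browser Control","*fpeabamapgecnidibdmjoepaiehokgda*","fpeabamapgecnidibdmjoepaiehokgda","malware","malicious","https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/dbdcea6a9f5684a9268c39e60c667c5c9c06263b/2026-02-11-IOCs-for-RAT-disguinsed-as-AI-based-browser-extension.txt","RAT AI browser extension","0cbf101e96f6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5"
 "OmniBar AI Chat and Search","*ajfanjhcdgaohcbphpaceglgpgaaohod*","ajfanjhcdgaohcbphpaceglgpgaaohod","malware","malicious","https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-03-09-Threat-Alert-30K-domains-distributing-malicious-AI-related-browser-extension.txt","Malicious AI browser extension","21dd863ff9bbd15da01c1218bf92bd65eeae04a41876e10c41733b58035414c4"
 "AI Output Algo Tool","*eeoonfhmbjlmienmmbgapfloddpmoalh*","eeoonfhmbjlmienmmbgapfloddpmoalh","malware","malicious","https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-03-09-Threat-Alert-30K-domains-distributing-malicious-AI-related-browser-extension.txt","Malicious AI browser extension","9d0f550ac883455ed64da402cdb0c822c90de405c540678e0697b77fe20de3cf"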
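Review bot: The first added row is internally inconsistent: `browser_extension_id_wildcard` carries `*nplfchpahihleeejpjmodggckakhglee*` (32 letters between the asterisks) while `browser_extension_id` carries `plfchpahihleeejpjmodggckakhglee`, which is 31 letters and so cannot be a Chrome Web Store extension ID (those are 32 characters drawn from a–p); the second added row is consistent in both cells. One of the two cells is wrong — presumably the ID column lost its leading `n` and the wildcard is the complete value — but the reference should be checked before either is corrected. The same 31-character value is carried into feeds/extsentry_feed.json (`extension_id` and the `chrome_webstore_url` built from it), feeds/extsentry_ioc_feed.csv, feeds/ioc_all_extension_ids.txt, feeds/ioc_malicious_extension_ids.txt, feeds/misp_event.json and feeds/misp_warninglist.json, so exact-match consumers of those feeds will never hit this extension. A shape check on `browser_extension_id` when the feeds are generated (`^[a-p]{32}$`, plus equality with the wildcard's inner text) would have caught this before publication.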

feeds/elastic_detection_rule.ndjson

Lines changed: 1 addition & 1 deletion

feeds/elastic_threat_intel.ndjson

Lines changed: 1415 additions & 1413 deletions

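--- a/feeds/extsentry_feed.json
+++ b/feeds/extsentry_feed.json
@@ -1,12 +1,12 @@
 {
 "feed_name": "ExtSentry - Browser Extension Threat Intelligence",
 "feed_version": "1.0",
-"generated": "2026-03-30T22:18:29Z",
+"generated": "2026-03-30T23:20:22Z",
 "source": "https://github.com/mthcht/awesome-lists",
 "license": "TLP:CLEAR",
-"total_indicators": 1413,
+"total_indicators": 1415,
 "categories": {
-"malware": 1176,
+"malware": 1178,
 "compromised": 94,
 "cryptocurrency": 117,
 "Credential Access": 2,
@@ -18,6 +18,28 @@
 "PROXY/VPN": 5
 },
 "indicators": [
+{
+"extension_id": "plfchpahihleeejpjmodggckakhglee",
+"extension_name": null,
+"wildcard_pattern": "*nplfchpahihleeejpjmodggckakhglee*",
+"category": "malware",
+"threat_type": "malicious",
+"reference_url": "https://x.com/i/status/1907925793336078675",
+"description": "bank credential stealer",
+"crx_sha256": null,
+"chrome_webstore_url": "https://chromewebstore.google.com/detail/plfchpahihleeejpjmodggckakhglee"
+},
+{
+"extension_id": "ckkjdiimhlanonhceggkfjlmjnenpmfm",
+"extension_name": null,
+"wildcard_pattern": "*ckkjdiimhlanonhceggkfjlmjnenpmfm*",
+"category": "malware",
+"threat_type": "malicious",
+"reference_url": "https://x.com/i/status/1907925793336078675",
+"description": "bank credential stealer",
+"crx_sha256": null,
+"chrome_webstore_url": "https://chromewebstore.google.com/detail/ckkjdiimhlanonhceggkfjlmjnenpmfm"
+},
 {
 "extension_id": "fpeabamapgecnidibdmjoepaiehokgda",
 "extension_name": "Chrome MCP Server - AI Browser Control",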

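--- a/feeds/extsentry_ioc_feed.csv
+++ b/feeds/extsentry_ioc_feed.csv
@@ -1,4 +1,6 @@
 extension_id,extension_name,wildcard_pattern,category,threat_type,reference_url,description,chrome_webstore_url,severity,crx_sha256,first_seen,feed_source
+plfchpahihleeejpjmodggckakhglee,bank credential stealer,*nplfchpahihleeejpjmodggckakhglee*,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,https://chromewebstore.google.com/detail/plfchpahihleeejpjmodggckakhglee,critical,,2026-03-30,ExtSentry (github.com/mthcht/awesome-lists)
+ckkjdiimhlanonhceggkfjlmjnenpmfm,bank credential stealer,*ckkjdiimhlanonhceggkfjlmjnenpmfm*,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,https://chromewebstore.google.com/detail/ckkjdiimhlanonhceggkfjlmjnenpmfm,critical,,2026-03-30,ExtSentry (github.com/mthcht/awesome-lists)
 fpeabamapgecnidibdmjoepaiehokgda,Chrome MCP Server - AI Browser Control,*fpeabamapgecnidibdmjoepaiehokgda*,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/dbdcea6a9f5684a9268c39e60c667c5c9c06263b/2026-02-11-IOCs-for-RAT-disguinsed-as-AI-based-browser-extension.txt,RAT AI browser extension,https://chromewebstore.google.com/detail/fpeabamapgecnidibdmjoepaiehokgda,critical,0cbf101e96f6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5,2026-03-30,ExtSentry (github.com/mthcht/awesome-lists)
 ajfanjhcdgaohcbphpaceglgpgaaohod,OmniBar AI Chat and Search,*ajfanjhcdgaohcbphpaceglgpgaaohod*,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-03-09-Threat-Alert-30K-domains-distributing-malicious-AI-related-browser-extension.txt,Malicious AI browser extension,https://chromewebstore.google.com/detail/ajfanjhcdgaohcbphpaceglgpgaaohod,critical,21dd863ff9bbd15da01c1218bf92bd65eeae04a41876e10c41733b58035414c4,2026-03-30,ExtSentry (github.com/mthcht/awesome-lists)
 eeoonfhmbjlmienmmbgapfloddpmoalh,AI Output Algo Tool,*eeoonfhmbjlmienmmbgapfloddpmoalh*,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-03-09-Threat-Alert-30K-domains-distributing-malicious-AI-related-browser-extension.txt,Malicious AI browser extension,https://chromewebstore.google.com/detail/eeoonfhmbjlmienmmbgapfloddpmoalh,critical,9d0f550ac883455ed64da402cdb0c822c90de405c540678e0697b77fe20de3cf,2026-03-30,ExtSentry (github.com/mthcht/awesome-lists)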
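Review bot: For both added rows the `extension_name` column holds `bank credential stealer`, which is the `description` value, while the source row in browser_extensions_list.csv has an empty name and feeds/extsentry_feed.json emits `"extension_name": null` for the same two entries. The generator appears to fall back to the description when the name is empty, so the feeds now disagree on whether these extensions have a known name, and feeds/misp_event.json repeats the fallback in its `Extension Name` object attribute and in the attribute comment `bank credential stealer | Category: malware | Type: malicious | bank credential stealer`. Leaving the cell empty, as the JSON feed does with `null`, keeps the CSV consistent with the other outputs and avoids presenting a threat description as a product name that an analyst might search the Web Store for.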

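--- a/feeds/ioc_all_extension_ids.txt
+++ b/feeds/ioc_all_extension_ids.txt
@@ -1,3 +1,5 @@
+plfchpahihleeejpjmodggckakhglee
+ckkjdiimhlanonhceggkfjlmjnenpmfm
 fpeabamapgecnidibdmjoepaiehokgda
 ajfanjhcdgaohcbphpaceglgpgaaohod
 eeoonfhmbjlmienmmbgapfloddpmoalh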

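--- a/feeds/ioc_malicious_extension_ids.txt
+++ b/feeds/ioc_malicious_extension_ids.txt
@@ -1,3 +1,5 @@
+plfchpahihleeejpjmodggckakhglee
+ckkjdiimhlanonhceggkfjlmjnenpmfm
 fpeabamapgecnidibdmjoepaiehokgda
 ajfanjhcdgaohcbphpaceglgpgaaohod
 eeoonfhmbjlmienmmbgapfloddpmoalh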

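--- a/feeds/misp_event.json
+++ b/feeds/misp_event.json
@@ -5,7 +5,7 @@
 "analysis": "2",
 "distribution": "3",
 "date": "2026-03-30",
-"timestamp": "1774909109",
+"timestamp": "1774912823",
 "published": false,
 "uuid": "41ef2090-fab5-547e-9eb6-2aa8f195c66f",
 "Orgc": {
@@ -27,6 +27,40 @@
 }
 ],
 "Attribute": [
+{
+"uuid": "e4d6c6c1-7172-52e5-a3a4-8265966bcef8",
+"type": "text",
+"category": "Other",
+"to_ids": false,
+"value": "plfchpahihleeejpjmodggckakhglee",
+"comment": "bank credential stealer | Category: malware | Type: malicious | bank credential stealer",
+"distribution": "5",
+"Tag": [
+{
+"name": "extsentry:category=\"malware\""
+},
+{
+"name": "extsentry:type=\"malicious\""
+}
+]
+},
+{
+"uuid": "2d3a4bd0-2242-5248-91b7-aa5ca219e3ae",
+"type": "text",
+"category": "Other",
+"to_ids": false,
+"value": "ckkjdiimhlanonhceggkfjlmjnenpmfm",
+"comment": "bank credential stealer | Category: malware | Type: malicious | bank credential stealer",
+"distribution": "5",
+"Tag": [
+{
+"name": "extsentry:category=\"malware\""
+},
+{
+"name": "extsentry:type=\"malicious\""
+}
+]
+},
 {
 "uuid": "0d69c595-01aa-55e3-b901-e55873527956",
 "type": "text",
@@ -24169,6 +24203,96 @@
 }
 ],
 "Object": [
+{
+"uuid": "99b8c136-8de4-5da5-aaca-d2875d8ac296",
+"name": "annotation",
+"meta-category": "misc",
+"description": "Suspicious/Malicious browser extension: bank credential stealer",
+"template_uuid": "e434b304-a905-53fb-b7df-1d552e338795",
+"template_version": "1",
+"Attribute": [
+{
+"object_relation": "text",
+"type": "text",
+"value": "plfchpahihleeejpjmodggckakhglee",
+"comment": "Browser Extension ID",
+"to_ids": false
+},
+{
+"object_relation": "text",
+"type": "text",
+"value": "bank credential stealer",
+"comment": "Extension Name",
+"to_ids": false
+},
+{
+"object_relation": "text",
+"type": "text",
+"value": "malware",
+"comment": "Threat Category",
+"to_ids": false
+},
+{
+"object_relation": "text",
+"type": "text",
+"value": "malicious",
+"comment": "Threat Type",
+"to_ids": false
+},
+{
+"object_relation": "text",
+"type": "link",
+"value": "https://x.com/i/status/1907925793336078675",
+"comment": "Reference URL",
+"to_ids": false
+}
+]
+},
+{
+"uuid": "a190e20d-ec9e-5991-8512-d4c5ad29c4b4",
+"name": "annotation",
+"meta-category": "misc",
+"description": "Suspicious/Malicious browser extension: bank credential stealer",
+"template_uuid": "e434b304-a905-53fb-b7df-1d552e338795",
+"template_version": "1",
+"Attribute": [
+{
+"object_relation": "text",
+"type": "text",
+"value": "ckkjdiimhlanonhceggkfjlmjnenpmfm",
+"comment": "Browser Extension ID",
+"to_ids": false
+},
+{
+"object_relation": "text",
+"type": "text",
+"value": "bank credential stealer",
+"comment": "Extension Name",
+"to_ids": false
+},
+{
+"object_relation": "text",
+"type": "text",
+"value": "malware",
+"comment": "Threat Category",
+"to_ids": false
+},
+{
+"object_relation": "text",
+"type": "text",
+"value": "malicious",
+"comment": "Threat Type",
+"to_ids": false
+},
+{
+"object_relation": "text",
+"type": "link",
+"value": "https://x.com/i/status/1907925793336078675",
+"comment": "Reference URL",
+"to_ids": false
+}
+]
+},
 {
 "uuid": "69becf4b-7d78-5ead-ad50-1ba35c0c68f9",
 "name": "annotation",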

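--- a/feeds/misp_warninglist.json
+++ b/feeds/misp_warninglist.json
@@ -9,6 +9,8 @@
 "other"
 ],
 "list": [
+"plfchpahihleeejpjmodggckakhglee",
+"ckkjdiimhlanonhceggkfjlmjnenpmfm",
 "fpeabamapgecnidibdmjoepaiehokgda",
 "ajfanjhcdgaohcbphpaceglgpgaaohod",
 "eeoonfhmbjlmienmmbgapfloddpmoalh",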
