TLP:WHITE1 IOC

Shai-Hulud Malware In-Depth Analysis: Open Source Means Loss of Control?

SlowMist

Published May 14, 2026Original Report

Diamond Model

Adversary(1)

Infrastructure

Capability

Victim

Initial AccessTA0001·T1078

1/8

Compromise Accounts

ActionSpread via compromised accounts

Threat actors used compromised GitHub accounts to spread the Shai-Hulud malware.

Analysis unavailable

Type	Indicator	Confidence	Score	First Seen
SHA1	d446803f4c3bc116263faa3499a1d3f95b2825de exploitfile-hashintel-blog	Medium	53	Jun 2, 26

IOC Relationship Graph1 total IOCs

SHA1

scroll to zoom · drag to pan · click IOC to open