IOC Radar
TLP:WHITE6 IOCs

Threat Intelligence|From Python to Bun: Cross-Runtime Attack Chain Analysis of the Shai-Hulud Hades…

SL
SlowMist
Published June 12, 2026Original Report

Diamond Model

Attack Flow8 steps · MITRE ATT&CK mapped

Initial AccessTA0001·T1195
1/8
Supply Chain Compromise
ActionPublish malicious packages
Malicious Python packages are published to the PyPI ecosystem, masquerading as legitimate libraries.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise6

TypeIndicatorConfidenceScoreFirst Seen
SHA256d85f876a32f9b60370b107daddebf4911eec6caecd65db7a6aa870b11fd30cbf
file-hashindicatorintel-blog
Medium
53
Jun 12, 26
SHA15f61956f8827a84977cd3501a4e1caea12b39bf5
file-hashindicatorintel-blog
Medium
53
Jun 12, 26
SHA256ce8ceb71a012b5d44e2241fb44fe269c6233f03f0586b15c833d4904cc30f3ba
file-hashindicatorintel-blog
Medium
53
Jun 12, 26
MD5372776448fcd2f38a937fd9de60625c0
file-hashindicatorintel-blog
Medium
53
Jun 12, 26
MD54154c95b4b96481cc85e89ac644f422a
file-hashindicatorintel-blog
Medium
53
Jun 12, 26
SHA199249a99a1a7c705622d2cd1c55b93f0ccce0c99
file-hashindicatorintel-blog
Medium
53
Jun 12, 26

IOC Relationship Graph

IOC Relationship Graph6 total IOCs
SHA256SHA1MD5
SHA2562SHA12MD52REPORTThreat Intelligence|From P
scroll to zoom · drag to pan · click IOC to open