chore: update feeds 2026-04-02

Author: github-actions[bot]

browser_extensions_list.csv

@@ -1,4 +1,5 @@
 browser_extension,browser_extension_id_wildcard,browser_extension_id,metadata_category,metadata_type,metadata_link,metadata_comment,crx_file_sha256
+"JSON Formatter","*bcjindcccaagfpapjjmafapmmgkkhgoa*","bcjindcccaagfpapjjmafapmmgkkhgoa","adware","suspicious","https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews","https://x.com/wesbos/status/2039355472830939319?s=20",""
 "","*nplfchpahihleeejpjmodggckakhglee*","plfchpahihleeejpjmodggckakhglee","malware","malicious","https://x.com/i/status/1907925793336078675","bank credential stealer",""
 "","*ckkjdiimhlanonhceggkfjlmjnenpmfm*","ckkjdiimhlanonhceggkfjlmjnenpmfm","malware","malicious","https://x.com/i/status/1907925793336078675","bank credential stealer",""
 "Chrome MCP Server - AI Browser Control","*fpeabamapgecnidibdmjoepaiehokgda*","fpeabamapgecnidibdmjoepaiehokgda","malware","malicious","https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/dbdcea6a9f5684a9268c39e60c667c5c9c06263b/2026-02-11-IOCs-for-RAT-disguinsed-as-AI-based-browser-extension.txt","RAT AI browser extension","0cbf101e96f6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5"

feeds/elastic_detection_rule.ndjson

@@ -1,11 +1,12 @@
 {
   "feed_name": "ExtSentry - Browser Extension Threat Intelligence",
   "feed_version": "1.0",
-  "generated": "2026-04-02T08:02:24Z",
+  "generated": "2026-04-02T09:32:51Z",
   "source": "https://github.com/mthcht/awesome-lists",
   "license": "TLP:CLEAR",
-  "total_indicators": 1415,
+  "total_indicators": 1416,
   "categories": {
+    "adware": 1,
     "malware": 1178,
     "compromised": 94,
     "cryptocurrency": 117,
@@ -18,6 +19,17 @@
     "PROXY/VPN": 5
   },
   "indicators": [
+    {
+      "extension_id": "bcjindcccaagfpapjjmafapmmgkkhgoa",
+      "extension_name": "JSON Formatter",
+      "wildcard_pattern": "*bcjindcccaagfpapjjmafapmmgkkhgoa*",
+      "category": "adware",
+      "threat_type": "suspicious",
+      "reference_url": "https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews",
+      "description": "https://x.com/wesbos/status/2039355472830939319?s=20",
+      "crx_sha256": null,
+      "chrome_webstore_url": "https://chromewebstore.google.com/detail/bcjindcccaagfpapjjmafapmmgkkhgoa"
+    },
     {
       "extension_id": "plfchpahihleeejpjmodggckakhglee",
       "extension_name": null,

feeds/elastic_threat_intel.ndjson

@@ -1,4 +1,5 @@
 extension_id,extension_name,wildcard_pattern,category,threat_type,reference_url,description,chrome_webstore_url,severity,crx_sha256,first_seen,feed_source
+bcjindcccaagfpapjjmafapmmgkkhgoa,JSON Formatter,*bcjindcccaagfpapjjmafapmmgkkhgoa*,adware,suspicious,https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews,https://x.com/wesbos/status/2039355472830939319?s=20,https://chromewebstore.google.com/detail/bcjindcccaagfpapjjmafapmmgkkhgoa,medium,,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)
 plfchpahihleeejpjmodggckakhglee,bank credential stealer,*nplfchpahihleeejpjmodggckakhglee*,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,https://chromewebstore.google.com/detail/plfchpahihleeejpjmodggckakhglee,critical,,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)
 ckkjdiimhlanonhceggkfjlmjnenpmfm,bank credential stealer,*ckkjdiimhlanonhceggkfjlmjnenpmfm*,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,https://chromewebstore.google.com/detail/ckkjdiimhlanonhceggkfjlmjnenpmfm,critical,,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)
 fpeabamapgecnidibdmjoepaiehokgda,Chrome MCP Server - AI Browser Control,*fpeabamapgecnidibdmjoepaiehokgda*,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/dbdcea6a9f5684a9268c39e60c667c5c9c06263b/2026-02-11-IOCs-for-RAT-disguinsed-as-AI-based-browser-extension.txt,RAT AI browser extension,https://chromewebstore.google.com/detail/fpeabamapgecnidibdmjoepaiehokgda,critical,0cbf101e96f6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)

feeds/extsentry_feed.json

@@ -1,3 +1,4 @@
+bcjindcccaagfpapjjmafapmmgkkhgoa
 plfchpahihleeejpjmodggckakhglee
 ckkjdiimhlanonhceggkfjlmjnenpmfm
 fpeabamapgecnidibdmjoepaiehokgda

feeds/extsentry_ioc_feed.csv

@@ -1,3 +1,4 @@
+bcjindcccaagfpapjjmafapmmgkkhgoa
 fhbohimaelbohpjbbldcngcnapnedx765dodjp
 fnjhmkhhmkbedx765jkkabndcnnogagogbneec
 akoofbljmjeodfmdpjndmmnifglppjdi

feeds/ioc_all_extension_ids.txt

@@ -5,7 +5,7 @@
     "analysis": "2",
     "distribution": "3",
     "date": "2026-04-02",
-    "timestamp": "1775116944",
+    "timestamp": "1775122371",
     "published": false,
     "uuid": "41ef2090-fab5-547e-9eb6-2aa8f195c66f",
     "Orgc": {
@@ -27,6 +27,23 @@
       }
     ],
     "Attribute": [
+      {
+        "uuid": "56dfb3e2-4de5-5709-9dce-5c48a471bef4",
+        "type": "text",
+        "category": "Other",
+        "to_ids": false,
+        "value": "bcjindcccaagfpapjjmafapmmgkkhgoa",
+        "comment": "JSON Formatter | Category: adware | Type: suspicious | https://x.com/wesbos/status/2039355472830939319?s=20",
+        "distribution": "5",
+        "Tag": [
+          {
+            "name": "extsentry:category=\"adware\""
+          },
+          {
+            "name": "extsentry:type=\"suspicious\""
+          }
+        ]
+      },
       {
         "uuid": "e4d6c6c1-7172-52e5-a3a4-8265966bcef8",
         "type": "text",
@@ -24203,6 +24220,51 @@
       }
     ],
     "Object": [
+      {
+        "uuid": "92657467-7e91-5ff4-90bd-db002313bbdd",
+        "name": "annotation",
+        "meta-category": "misc",
+        "description": "Suspicious/Malicious browser extension: JSON Formatter",
+        "template_uuid": "e434b304-a905-53fb-b7df-1d552e338795",
+        "template_version": "1",
+        "Attribute": [
+          {
+            "object_relation": "text",
+            "type": "text",
+            "value": "bcjindcccaagfpapjjmafapmmgkkhgoa",
+            "comment": "Browser Extension ID",
+            "to_ids": false
+          },
+          {
+            "object_relation": "text",
+            "type": "text",
+            "value": "JSON Formatter",
+            "comment": "Extension Name",
+            "to_ids": false
+          },
+          {
+            "object_relation": "text",
+            "type": "text",
+            "value": "adware",
+            "comment": "Threat Category",
+            "to_ids": false
+          },
+          {
+            "object_relation": "text",
+            "type": "text",
+            "value": "suspicious",
+            "comment": "Threat Type",
+            "to_ids": false
+          },
+          {
+            "object_relation": "text",
+            "type": "link",
+            "value": "https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews",
+            "comment": "Reference URL",
+            "to_ids": false
+          }
+        ]
+      },
       {
         "uuid": "99b8c136-8de4-5da5-aaca-d2875d8ac296",
         "name": "annotation",

feeds/ioc_suspicious_extension_ids.txt

@@ -9,6 +9,7 @@
     "other"
   ],
   "list": [
+    "bcjindcccaagfpapjjmafapmmgkkhgoa",
     "plfchpahihleeejpjmodggckakhglee",
     "ckkjdiimhlanonhceggkfjlmjnenpmfm",
     "fpeabamapgecnidibdmjoepaiehokgda",