chore: update feeds 2026-04-02

Author: github-actions[bot]

browser_extensions_list.csv

@@ -1,5 +1,5 @@
 browser_extension,browser_extension_id_wildcard,browser_extension_id,metadata_category,metadata_type,metadata_link,metadata_comment,crx_file_sha256
-"JSON Formatter","*bcjindcccaagfpapjjmafapmmgkkhgoa*","bcjindcccaagfpapjjmafapmmgkkhgoa","adware","suspicious","https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews","https://x.com/wesbos/status/2039355472830939319?s=20",""
+"JSON Formatter","*bcjindcccaagfpapjjmafapmmgkkhgoa*","bcjindcccaagfpapjjmafapmmgkkhgoa","PUP","suspicious","https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews","https://x.com/wesbos/status/2039355472830939319?s=20",""
 "","*nplfchpahihleeejpjmodggckakhglee*","plfchpahihleeejpjmodggckakhglee","malware","malicious","https://x.com/i/status/1907925793336078675","bank credential stealer",""
 "","*ckkjdiimhlanonhceggkfjlmjnenpmfm*","ckkjdiimhlanonhceggkfjlmjnenpmfm","malware","malicious","https://x.com/i/status/1907925793336078675","bank credential stealer",""
 "Chrome MCP Server - AI Browser Control","*fpeabamapgecnidibdmjoepaiehokgda*","fpeabamapgecnidibdmjoepaiehokgda","malware","malicious","https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/dbdcea6a9f5684a9268c39e60c667c5c9c06263b/2026-02-11-IOCs-for-RAT-disguinsed-as-AI-based-browser-extension.txt","RAT AI browser extension","0cbf101e96f6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5"

feeds/elastic_threat_intel.ndjson

@@ -1,20 +1,19 @@
 {
   "feed_name": "ExtSentry - Browser Extension Threat Intelligence",
   "feed_version": "1.0",
-  "generated": "2026-04-02T09:42:50Z",
+  "generated": "2026-04-02T10:36:08Z",
   "source": "https://github.com/mthcht/awesome-lists",
   "license": "TLP:CLEAR",
   "total_indicators": 1416,
   "categories": {
-    "adware": 1,
+    "PUP": 4,
     "malware": 1178,
     "compromised": 94,
     "cryptocurrency": 117,
     "Credential Access": 2,
     "Defense Evasion": 1,
     "scam": 5,
     "RMM": 1,
-    "PUP": 3,
     "password manager": 9,
     "PROXY/VPN": 5
   },
@@ -23,7 +22,7 @@
       "extension_id": "bcjindcccaagfpapjjmafapmmgkkhgoa",
       "extension_name": "JSON Formatter",
       "wildcard_pattern": "*bcjindcccaagfpapjjmafapmmgkkhgoa*",
-      "category": "adware",
+      "category": "PUP",
       "threat_type": "suspicious",
       "reference_url": "https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews",
       "description": "https://x.com/wesbos/status/2039355472830939319?s=20",

feeds/extsentry_feed.json

@@ -1,5 +1,5 @@
 extension_id,extension_name,wildcard_pattern,category,threat_type,reference_url,description,chrome_webstore_url,severity,crx_sha256,first_seen,feed_source
-bcjindcccaagfpapjjmafapmmgkkhgoa,JSON Formatter,*bcjindcccaagfpapjjmafapmmgkkhgoa*,adware,suspicious,https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews,https://x.com/wesbos/status/2039355472830939319?s=20,https://chromewebstore.google.com/detail/bcjindcccaagfpapjjmafapmmgkkhgoa,medium,,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)
+bcjindcccaagfpapjjmafapmmgkkhgoa,JSON Formatter,*bcjindcccaagfpapjjmafapmmgkkhgoa*,PUP,suspicious,https://chromewebstore.google.com/detail/json-formatter/bcjindcccaagfpapjjmafapmmgkkhgoa/reviews,https://x.com/wesbos/status/2039355472830939319?s=20,https://chromewebstore.google.com/detail/bcjindcccaagfpapjjmafapmmgkkhgoa,medium,,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)
 plfchpahihleeejpjmodggckakhglee,bank credential stealer,*nplfchpahihleeejpjmodggckakhglee*,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,https://chromewebstore.google.com/detail/plfchpahihleeejpjmodggckakhglee,critical,,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)
 ckkjdiimhlanonhceggkfjlmjnenpmfm,bank credential stealer,*ckkjdiimhlanonhceggkfjlmjnenpmfm*,malware,malicious,https://x.com/i/status/1907925793336078675,bank credential stealer,https://chromewebstore.google.com/detail/ckkjdiimhlanonhceggkfjlmjnenpmfm,critical,,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)
 fpeabamapgecnidibdmjoepaiehokgda,Chrome MCP Server - AI Browser Control,*fpeabamapgecnidibdmjoepaiehokgda*,malware,malicious,https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/dbdcea6a9f5684a9268c39e60c667c5c9c06263b/2026-02-11-IOCs-for-RAT-disguinsed-as-AI-based-browser-extension.txt,RAT AI browser extension,https://chromewebstore.google.com/detail/fpeabamapgecnidibdmjoepaiehokgda,critical,0cbf101e96f6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5,2026-04-02,ExtSentry (github.com/mthcht/awesome-lists)

feeds/extsentry_ioc_feed.csv

@@ -5,7 +5,7 @@
     "analysis": "2",
     "distribution": "3",
     "date": "2026-04-02",
-    "timestamp": "1775122971",
+    "timestamp": "1775126169",
     "published": false,
     "uuid": "41ef2090-fab5-547e-9eb6-2aa8f195c66f",
     "Orgc": {
@@ -33,11 +33,11 @@
         "category": "Other",
         "to_ids": false,
         "value": "bcjindcccaagfpapjjmafapmmgkkhgoa",
-        "comment": "JSON Formatter | Category: adware | Type: suspicious | https://x.com/wesbos/status/2039355472830939319?s=20",
+        "comment": "JSON Formatter | Category: PUP | Type: suspicious | https://x.com/wesbos/status/2039355472830939319?s=20",
         "distribution": "5",
         "Tag": [
           {
-            "name": "extsentry:category=\"adware\""
+            "name": "extsentry:category=\"PUP\""
           },
           {
             "name": "extsentry:type=\"suspicious\""
@@ -24245,7 +24245,7 @@
           {
             "object_relation": "text",
             "type": "text",
-            "value": "adware",
+            "value": "PUP",
             "comment": "Threat Category",
             "to_ids": false
           },