PSYC-OTX-6a214311a2c1a61296efbdc5
▶ case journeyOTX: Preinstall to persistence: Inside the npm Miasma credential-stealing campaign
The full record for one case — how Classifyline rated it, what Scoutline observed, the evidence Sealine encrypted, where Routeline may send it, and every ledger entry it produced.
how to use this view
How to use. Read the cards top-to-bottom — classification, observables, sealed package, routes, ledger. Hit ▶ case journey for the animated walk-through.
What you're seeing. Every worker line's output for this one case: how it was rated, what was observed, what was encrypted and to whom, where it would route, and the audit rows it produced.
Why it matters. Nothing sensitive leaves psyc without a human seeing the full reasoning chain — this page is that chain, for one case.
Classification
- Severity
- medium
- TLP
- GREEN
- Incident type
- malware
- Internal class
- D
Confidence
- Level
- medium
- Source reliability
- C
- Information credibility
- 3
Source
- Type
- threat_intel
- Reference
- https://otx.alienvault.com/pulse/6a214311a2c1a61296efbdc5
- Observed
- 2026-06-04 09:19 UTC
- Ingested
- 2026-06-07 00:17 UTC
Observables
Hashes
396cac9e457ec54ff6d3f6311cb5cc1da8054d019ce3ffa1de5741506c7a4ea4d8d170af3de17bb9b217c52aaaffdf9395f35ef015a57ef676e406c121e5e22325e121e3b7d300c0d0075b33e5eca39a3e6a659fb9cfee52b70ef71686628f1bd5a97614d5319ce9c8e01fa0b4eb06fb5b9e54fa13b23d718174a1546444123bf0641e053e81f0d01fa46db35a83e0a34494886503086866d956d14e81fd3e1cf88258e21592084a2f93a572ade8f9b91c0cd0e242f5cf6121ed7bad0f7bdd1f
Routes
2 allowed · 2 blocked
MISP-Community
priority 2 · stix_indicators · max_tlp AMBER
URLhaus
priority 3 · malware_url_report · max_tlp GREEN
CERT-Bund
country_mismatch
AbuseIPDB
tlp_exceeded