← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions
WHITE CyberHunter_NL 2026-04-23 Modified: 2026-05-23
21
IOCs
MEDIUM VOLUME
Security firm Checkmarx has been the target of a serious supply chain compromise, according to researchers at the Socket Research Team and the Open Source Software (OSS) in the United States and Canada.
githubgithub actionscheckmarxdockerkics imageyamlsocketdocker hubkicsvs codeaprilopenpowershelldunecodemcpaddon.js
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
mcpAddon.js KICS
Indicators of Compromise (11 / 21 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 222e6bfed0f3bb1937bf5e719a2342871ccd683ff1c0cb967c8e31ea58beaf7b 2026-04-23
FileHash-SHA256 24680027afadea90c7c713821e214b15cb6c922e67ac01109fb1edb3ee4741d9 SHA256 of 2b12cc5cc91ec483048abcbd6d523cdc9ebae3f3 2026-04-23
FileHash-SHA256 2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230d 2026-04-23
FileHash-SHA256 26e8e9c5e53c972997a278ca6e12708b8788b70575ca013fd30bfda34ab5f48f 2026-04-23
FileHash-SHA256 2a6a35f06118ff7d61bfd36a5788557b695095e7c9a609b4a01956883f146f50 SHA256 of 250f3633529457477a9f8fd3db3472e94383606a 2026-04-23
FileHash-SHA256 415610a42c5b51347709e315f5efb6fffa588b6ebc1b95b24abf28088347791b 2026-04-23
FileHash-SHA256 7391b531a07fccbbeaf59a488e1376cfe5b27aef757430a36d6d3a087c610322 2026-04-23
FileHash-SHA256 a0d9366f6f0166dcbf92fcdc98e1a03d2e6210e8d7e8573f74d50849130651a0 2026-04-23
FileHash-SHA256 a6871deb0480e1205c1daff10cedf4e60ad951605fd1a4efaca0a9c54d56d1cb 2026-04-23
FileHash-SHA256 d186161ae8e33cd7702dd2a6c0337deb14e2b178542d232129c0da64b1af06e4 2026-04-23
FileHash-SHA256 ff7b0f114f87c67402dfc2459bb3d8954dd88e537b0e459482c04cffa26c1f07 2026-04-23
References (1)
↗ https://socket.dev/blog/checkmarx-supply-chain-compromise