[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftc95xTAHbCT_PvbQdbQlkq8nW4GtbKaPFJYfcQ4T-1U":3},{"article":4,"iocs":44},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":27,"category":28,"article_tags":31},"15a36340-efd1-4b8a-bbc5-c86d6e7d59b0","Totally legit \"DocuSign\" release in a GitHub (Microsoft owned service) repo: https:\u002F\u002Fgithub[.]com...","totally-legit-docusign-release-in-a-github-microsoft-owned-service-repo-https-gi-aac139","Totally legit \"DocuSign\" release in a GitHub (Microsoft owned service) repo: https:\u002F\u002Fgithub[.]com\u002Flonergigs-code\u002FDocuSign\u002Freleases\u002F\n->\nDocusignSetup.exe - \"Paula Foster\" (Microsoft given cert) signed sample...\n->\nbbytati25iy2.anondns[.]net\n->\n84.54.33[.]250\n🤷‍♂️ https:\u002F\u002Ft.co\u002FbvVrWQotjl","A malicious executable, DocusignSetup.exe, has been discovered within a GitHub repository, masquerading as a legitimate DocuSign release. The malware is signed with a certificate attributed to 'Paula Foster', which appears to be a Microsoft-issued certificate, potentially lending it a false sense of legitimacy. It communicates with a command-and-control server via the domain bbytati25iy2.anondns[.]net, which resolves to the IP address 84.54.33[.]250.","Malware disguised as DocuSign release found in GitHub repo.",null,"https:\u002F\u002Fx.com\u002Fmalwrhunterteam\u002Fstatus\u002F2063925444559118435","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHKSIAQYWEAAldQq.jpg","2026-06-08T10:05:46+00:00","2026-06-08T11:00:08.890192+00:00",8,[18,21,24],{"name":19,"type":20},"DocuSign","product",{"name":22,"type":23},"Microsoft","vendor",{"name":25,"type":26},"GitHub","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":27,"icon":11,"name":29,"slug":30},"Malware","malware",[32,37,39],{"category":33},{"id":34,"icon":11,"name":35,"slug":36},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":38},{"id":27,"icon":11,"name":29,"slug":30},{"category":40},{"id":41,"icon":11,"name":42,"slug":43},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[45,49,53],{"type":46,"value":47,"context":48},"url","https:\u002F\u002Fgithub[.]com\u002Flonergigs-code\u002FDocuSign\u002Freleases\u002F","GitHub repository hosting the malicious executable",{"type":50,"value":51,"context":52},"domain","bbytati25iy2.anondns[.]net","Command and control domain",{"type":54,"value":55,"context":56},"ip","84.54.33[.]250","Command and control IP address"]