“with advanced threat prevention next-generation firewall with the advanced threat prevention security subscription can help block the attack via the following threat prevention signature: 87121. cloud-delivered security services for the next-generation firewall advanced ur…”
T1195.001 Compromise Software Dependencies and Development Tools
98%
“. cortex xdr customers can also use these xql queries to search for signs of exploitation. conclusion attackers have been increasing the frequency and scale of npm supply chain operations since early 2026. securing the continuous integration/continuous deployment (ci/cd) pi…”
T1195.001 Compromise Software Dependencies and Development Tools
97%
“, to validate that your builds are not automatically pulling the poisoned “latest” versions. - disable lifecycle scripts: use the --ignore-scripts flag during ci/cd installations to explicitly prevent npm postinstall hooks from running during automated builds. long-ter…”
T1195.001 Compromise Software Dependencies and Development Tools
97%
“threat brief: widespread impact of the axios supply chain attack executive summary unit 42 researchers have observed widespread impact from the significant supply chain attack targeting the axios javascript library. the attack occurred after an axios maintainer's npm account w…”
T1195.001 Compromise Software Dependencies and Development Tools
94%
“discover the malicious packages or rat artifacts, immediately isolate the system from the network. remediation and rebuilding - rebuild from scratch: if an environment is compromised, do not attempt to clean the malware while it is still in place. instead, completely rebuild the…”
T1071.001 Web Protocols
90%
“. unified rat architecture despite being written in three different languages (c++, powershell and python), all three payloads function as implementations of the same rat framework. they all use an identical c2 protocol, send base64-encoded json data over an http post reque…”
T1195.001 Compromise Software Dependencies and Development Tools
87%
“people’s republic of korea (dprk). this campaign has affected the following sectors in the u.s., europe, middle east, south asia and australia: - business services - customer service - financial services - high tech - higher education - insurance - media and entertainment -…”
T1195.001 Compromise Software Dependencies and Development Tools
81%
“: pin axios to these safe versions within your package-lock.json file to prevent accidental upgrades. - use overrides: add an overrides block in your package configuration to prevent malicious versions from being resolved transitively by other packages. - restrict corporate r…”
T1105 Ingress Tool Transfer
78%
“[.]org/product1 for windows - packages.npm[.]org/product2 for linux figure 1 shows the commands for this first-stage download. execution of the rat the c2 server delivers a different payload depending on the victim's operating system: - macos: the dropper uses app…”
T1587 Develop Capabilities
73%
“. cortex xdr customers can also use these xql queries to search for signs of exploitation. conclusion attackers have been increasing the frequency and scale of npm supply chain operations since early 2026. securing the continuous integration/continuous deployment (ci/cd) pi…”
T1587 Develop Capabilities
69%
“threat brief: widespread impact of the axios supply chain attack executive summary unit 42 researchers have observed widespread impact from the significant supply chain attack targeting the axios javascript library. the attack occurred after an axios maintainer's npm account w…”
T1195.001 Compromise Software Dependencies and Development Tools
58%
“the command-line arguments. the c2 server's address is also provided via command-line parameters, allowing the backdoor to download and execute arbitrary payloads from the adversary's infrastructure. waveshaper also runs as a daemon by forking itself into a child process …”
T1195.001 Compromise Software Dependencies and Development Tools
55%
“.1 into the package.json file as a runtime dependency. the postinstall dropper with compromised versions of axios, when a developer runs npm install axios, npm automatically resolves the dependency tree and installs plain-crypto-js. this triggers npm's postinstall lifecyc…”
T1195.002 Compromise Software Supply Chain
53%
“threat brief: widespread impact of the axios supply chain attack executive summary unit 42 researchers have observed widespread impact from the significant supply chain attack targeting the axios javascript library. the attack occurred after an axios maintainer's npm account w…”
T1587 Develop Capabilities
38%
“, to validate that your builds are not automatically pulling the poisoned “latest” versions. - disable lifecycle scripts: use the --ignore-scripts flag during ci/cd installations to explicitly prevent npm postinstall hooks from running during automated builds. long-ter…”