{ "Event": { "analysis": "1", "date": "2026-04-03", "extends_uuid": "", "info": "[Threat Intel] Securing the Supply Chain: How SentinelOne's AI EDR Stops the ...", "protected": false, "publish_timestamp": "1775975058", "published": true, "threat_level_id": "2", "timestamp": "1775975058", "uuid": "c6435173-2bdf-4790-ad76-aa54070343ef", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#75e21e", "local": false, "name": "misp-galaxy:producer=\"SentinelOne\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#18005e", "local": false, "name": "rectifyq:topic=\"supply-chain\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"north korea\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775271612", "to_ids": false, "type": "link", "uuid": "8056055a-bf33-499d-bc9c-c8dbf6e4f8d2", "value": "https://www.sentinelone.com/blog/securing-the-supply-chain-how-sentinelones-ai-edr-stops-the-axios-attack-autonomously/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1775271612", "to_ids": false, "type": "text", "uuid": "12bc18f3-e3f0-4ae1-b43e-cfff7746c4b2", "value": "On March 31, 2026, a North Korean state actor hijacked the npm credentials of the primary Axios maintainer and published two backdoored releases that deployed a cross-platform remote access trojan (RAT) to Windows, macOS, and Linux systems. Axios is the most widely used HTTP client in the JavaScript ecosystem, with approximately 100 million weekly downloads and a presence in roughly 80% of cloud and code environments." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1775271612", "to_ids": false, "type": "text", "uuid": "25a27e58-b9c5-47a5-a676-61b79ecf1495", "value": "Name: Securing the Supply Chain: How SentinelOne's AI EDR Stops the ...\nAuthor: AlienVault\nAdversary: \nTags: []\nTgtd countries: []\nMlwr families: []\nAttack_ids: []\nIndustries: []" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775973332", "to_ids": true, "type": "sha1", "uuid": "da960583-4e2f-4c6a-b9d7-bd7730730c4f", "value": "d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775974117", "to_ids": true, "type": "url", "uuid": "6e56f402-69cc-4e87-a0ca-bdbaaedc744c", "value": "http://sfrclak.com:8000/6202033", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775974138", "to_ids": true, "type": "domain", "uuid": "8b3c1ac6-8d0a-4e58-b6d0-a0e0afdf6ab5", "value": "callnrwise.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775974160", "to_ids": true, "type": "domain", "uuid": "14f2e51f-9242-487f-9bea-4e61263a5dd8", "value": "chickencoinwin.website", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775974181", "to_ids": true, "type": "domain", "uuid": "93d7c58a-3aa8-4130-8868-e238a8ae6b73", "value": "focusrecruitment.careers", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775974202", "to_ids": true, "type": "domain", "uuid": "d99bbc50-b283-40b5-868c-979cd05d0250", "value": "sfrclak.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775974224", "to_ids": true, "type": "ip-dst", "uuid": "2eff26e0-4318-4fd9-ac1e-2fa031c08781", "value": "142.11.206.73", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775971315", "to_ids": true, "type": "email-src", "uuid": "33f3593d-9936-4e82-8c13-8da49e8eeef8", "value": "nrwise@proton.me" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775971315", "to_ids": true, "type": "email-src", "uuid": "3daea075-d4fb-4d75-8a9d-e64653a81ea0", "value": "ifstap@proton.me" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775974245", "uuid": "2bbcd58c-b5df-413b-ba80-338514b9afaa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775974245", "to_ids": true, "type": "md5", "uuid": "bdcd44e4-12fc-486b-a01d-9d087a8c7fe4", "value": "21d2470cae072cf2d027d473d168158c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775973331", "to_ids": true, "type": "sha1", "uuid": "220f8534-22df-4efb-a8f3-f95011c3ae2b", "value": "2553649f2322049666871cea80a5d0d6adc700ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775973331", "to_ids": true, "type": "sha256", "uuid": "f69c10b7-7f1f-4ec2-8fbc-3d414514dbae", "value": "5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775972991", "to_ids": true, "type": "ssdeep", "uuid": "e68f39d8-3dd0-41f5-9388-4600dd464e51", "value": "12288:zU1Bd73ORJcXLJGfqLAbDfvIoKi08KAS453HbUyFdDn7xkB8xdUbH:u3jNGfSuLvIqKAjh7b7x+MUz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775972991", "to_ids": false, "type": "size-in-bytes", "uuid": "8b15b10c-ccdc-4cd2-9a05-1916a3b4321d", "value": "630301" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775972991", "to_ids": true, "type": "vhash", "uuid": "2a886f30-c21a-4a3c-946f-cbedf0b501a4", "value": "e5935c4c7d3cc2883bd14332f5e3ea18" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775972991", "to_ids": true, "type": "filename", "uuid": "bb2bbbdd-b9a2-49a6-8ad5-45fd37c919a8", "value": "axios-1.14.1.tgz" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775972991", "to_ids": false, "type": "text", "uuid": "55f7cbea-e284-4775-9ee2-4669f0d3b89b", "value": "Type Description: GZIP\nMicrosoft: None\nVT Total Detection:22/63\nFirst Submission:2026-03-31T04:08:34.000000+00:00\nLast Submission:2026-04-07T10:40:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775974266", "uuid": "f52b5b76-f766-4939-82e4-66d70f28ebd9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775974266", "to_ids": true, "type": "md5", "uuid": "935b702f-b458-4984-aff0-dd2ae6b81d68", "value": "db7f4c82c732e8b107492cae419740ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775973332", "to_ids": true, "type": "sha1", "uuid": "8735189c-42b5-4976-8a3b-a04c0954224b", "value": "07d889e2dadce6f3910dcbc253317d28ca61c766", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775973332", "to_ids": true, "type": "sha256", "uuid": "06a94678-c6ba-4dae-8bb8-0d18e9f15062", "value": "58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775973013", "to_ids": true, "type": "ssdeep", "uuid": "ebe5c555-ec1f-4bb7-af71-8b212c1aa71e", "value": "1536:uXG6U0Qn6xK9yaoMZ2NUX6KX1hkKAqFlsaPXOdV2VLbgQvMjCtVpWl+0iium82FM:uWD6MIMAiDXoL6wQg9jQVElKI82Te" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775973013", "to_ids": false, "type": "size-in-bytes", "uuid": "ba940e58-4763-444c-8590-72beeca349b1", "value": "89868" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775973013", "to_ids": true, "type": "vhash", "uuid": "361d003e-6e3b-4d4c-bc1d-76bb32b950a2", "value": "cd8e4404877b2b40dc62d177414fd4bb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775973013", "to_ids": true, "type": "filename", "uuid": "65b38c73-83ea-463c-8ea7-9ec28e636d10", "value": "58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668.gz" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775973013", "to_ids": false, "type": "text", "uuid": "befd8592-418f-417d-a077-130ef8495ed6", "value": "Type Description: GZIP\nMicrosoft: TrojanDownloader:JS/TalonStrike.D!dha\nVT Total Detection:34/63\nFirst Submission:2026-03-31T02:57:22.000000+00:00\nLast Submission:2026-04-08T05:57:15.000000+00:00" } ] } ] } }