T1195.002: T1195.002

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to attack patterns

View on MITRE ATT&CK The MITRE Corporation · Published 11/03/2020 15:17 · Modified 27/03/2026 01:11

Essential information

MITRE technique ID: T1195.002
Confidence: 100/100
Revoked: No
Published: 11/03/2020 15:17
Modified: 27/03/2026 01:11
Author / Source: The MITRE Corporation

Aliases

Compromise Software Supply Chain

Platforms

windows macos linux

Description

Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version. Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011)

Kill chain phases

Kill chain	Phase
mitre-attack	initial-access

Marking (TLP)

External references

Avast CCleaner3 2018
mitre-attack (T1195.002)
Command Five SK 2011

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (29)

GOLD SOUTHFIELD uses Pinchy Spider

The MITRE Corporation Confidence 100

[GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) is a financially motivated threat group active since at least 2018 that operates the [REvil](https://attack.mitre.org/software/S0496) Ransomware-as-a Service (RaaS). [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) provides backend infrastructure for affiliates recruited…

First seen 01/01/1970 · Last seen 16/11/5138 ·
APT41 uses Wicked PandaBrass Typhoon

The MITRE Corporation Confidence 100

[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…

First seen 01/01/1970 · Last seen 16/11/5138 ·
WageMole uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
SmartApeSG uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
FIN7 uses GOLD NIAGARAITG14

The MITRE Corporation Confidence 100

[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
MatanBuchus uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Daggerfly uses BRONZE HIGHLANDEvasive Panda

The MITRE Corporation Confidence 100

[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Dragonfly uses TEMP.IsotopeDYMALLOY

The MITRE Corporation Confidence 100

[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Gleaming Pisces uses UNC1720UNC4736

The MITRE Corporation Confidence 100

[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Sukob uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Magic Hound uses COBALT ILLUSIONITG18

The MITRE Corporation Confidence 100

[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…

First seen 01/01/1970 · Last seen 16/11/5138 ·
Cobalt Group uses GOLD KINGSWOODCobalt Gang

The MITRE Corporation Confidence 100

[Cobalt Group](https://attack.mitre.org/groups/G0080) is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting…

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 3

1–12 of 29

transformers.pyz uses

Family
OtterCookie uses

Family
V2deck uses

Family
WAVESHAPER uses
OctoRAT uses

Family
Qilin uses

Family
DOMOAuth2_ uses

Family
Vidar uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
plain-crypto-js uses

Family
BeaverTail uses

Family
RAT uses

Family
Mini Shai Hulud uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

← Previous

Page / 7

1–12 of 74

Laravel Lang Compromised with RCE Backdoor Across 700+ … related

19 MITREs 2 Malwares 2 Observables
Mini Shai Hulud: Compromised @antv npm packages enable … related

AlienVault Confidence 100 20 MITREs 5 IOCs 5 Observables
Popular node-ipc npm Package Infected with Credential Stealer related

AlienVault Confidence 100 20 MITREs 1 Malware 10 IOCs 10 Observables
Inside a Tor Backed Supply Chain Worm related

AlienVault Confidence 100 19 MITREs 2 Malwares 1 IOC 1 Observable 1 APT
Popular Go Decimal Library Targeted by Long-Running Typosquat … related

AlienVault Confidence 100 15 MITREs 3 IOCs 3 Observables
Latest PyPi Compromise related

AlienVault Confidence 100 20 MITREs 3 Malwares 9 IOCs 9 Observables 1 APT
Exposing Fox Tempest: A malware-signing service operation related

AlienVault Confidence 100 20 MITREs 9 Malwares 4 IOCs 4 Observables 1 APT
The Worm That Keeps on Digging: Latest Wave related

17 MITREs 1 Observable 1 APT
Active Supply Chain Attack Compromises Packages on npm related

AlienVault Confidence 100 17 MITREs 1 Malware 2 IOCs 2 Observables
Copycat hits another npm package related

AlienVault Confidence 100 19 MITREs 1 Malware 3 IOCs 3 Observables
TanStack npm Packages Compromised in Ongoing Supply-Chain Attack related

AlienVault Confidence 100 18 MITREs 3 Malwares 4 IOCs 4 Observables 1 APT
Website installer incident (May 2026) related

20 MITREs 8 Observables

← Previous

Page / 5

13–24 of 50

Vulnerabilities (CVE) (6)

CVE-2023-45311 targets

CVE-2023-0669 KEV targets

7.2 High

Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled …

Attack vector: Network
Published: 10/02/2023
Modified: 21/12/2025

CVE-2024-21338 KEV targets

7.8 High

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys …

Attack vector: Local
Published: 04/03/2024
Modified: 21/12/2025

CVE-2025-55182 KEV targets

10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector: Network
Published: 05/12/2025
Modified: 29/05/2026

Analyzed

CVE-2026-31431 KEV targets

7.8 High

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 …

Attack vector: LOCAL
Complexity: LOW
EPSS: 0.0001 (P0.6%)
Published: 22/04/2026
Modified: 23/05/2026

CWE-669 Awaiting Analysis

CVE-2017-11882 KEV targets

7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector: Local
Complexity: Low
Published: 15/11/2017
Modified: 29/05/2026

CWE-119

Attack patterns (MITRE) (1)

T1195 subtechnique-of

Supply Chain Compromise MITRE

Course Of Action (2)

Update Software mitigates
Vulnerability Scanning mitigates

Campaign (2)

3CX Supply Chain Attack uses
SolarWinds Compromise uses

Contact About Legal notice Privacy policy Terms of use