{
  "name": "Inside the Axios supply chain compromise - one RAT to rule them all",
  "slug": "inside-the-axios-supply-chain-compromise-one-rat-to-rule-them-all",
  "description": "Elastic Security Labs identified a supply chain compromise of the axios npm package, one of the most depended-upon packages in the JavaScript ecosystem with approximately 100 million weekly downloads. The attacker compromised a maintainer account and published backdoored versions that delivered a cross-platform Remote Access Trojan to macOS, Windows, and Linux systems through a malicious postinstall hook.",
  "published": "2026-04-01T11:22:54+00:00",
  "created_at": "2026-04-01T11:22:54+00:00",
  "modified_at": "2026-04-01T17:28:58+00:00",
  "created_at_opencti": "2026-04-01T11:22:54+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-04-01",
    "axios",
    "javascript",
    "npm package compromise",
    "supply chain attack"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101"
      },
      {
        "id": "",
        "name": "92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a"
      },
      {
        "id": "",
        "name": "fcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf"
      }
    ],
    "attack_patterns": [
      {
        "id": "d9d1b749-bf16-4249-9485-40a8e8605cc8",
        "name": "T1143"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "sfrclak.com"
      }
    ]
  },
  "external_refs": [
    "https://www.elastic.co/security-labs/axios-one-rat-to-rule-them-all",
    "https://otx.alienvault.com/pulse/69cd1c2e48c8aeef1f743d7f"
  ]
}