Severity: HIGH
CVSS: 7.5
Priority: 0.875
Executive Summary
Quantitative intelligence from 2025 confirms a structural shift in the attacker economy: AI-assisted tools have compressed the average exploit window from roughly 700 days in 2020 to 44 days in 2025, with nearly one-third of disclosed vulnerabilities now exploited within 24 hours. Simultaneously, malicious package injection into public software repositories has scaled to an estimated 454,600 uploads per year, enabling non-technical actors to execute supply chain attacks that previously required specialized expertise. For boards and CISOs, the operational implication is direct: speed and volume have outpaced conventional patch and review cycles, and the assumption that complexity filters out unsophisticated attackers no longer holds.
Plain & Simple
Here’s what you need to know.
No jargon. Just the basics.
Are you affected?
Probably, if you use the Trust Wallet browser extension or apps connected to Rakuten Mobile or Kaikatsu Club. Your account or wallet details may have been exposed.
What got out
Suspected: account login details for Kaikatsu Club users
Suspected: cryptocurrency wallet keys for Trust Wallet Chrome extension users
Suspected: personal data held by Rakuten Mobile accounts
Do this now
1. Remove the Trust Wallet Chrome extension and reinstall only from the official Chrome Web Store.
2. Change your password on Kaikatsu Club and Rakuten Mobile right away.
3. Turn on two-step sign-in for any accounts that offer it.
Watch for these
Unexpected charges or transfers in your crypto wallet.
Sign-in alerts from places you do not recognize.
Emails asking you to confirm account changes you did not make.
Should you worry?
Most people will not be directly affected unless they use one of these specific apps or services. If you do use them, changing your password now is a simple step that removes most of the risk.
Impact Assessment
CISA KEV Status: Not listed
Threat Severity: HIGH (High severity — prioritize for investigation)
Actor Attribution: HIGH (Unattributed non-technical actors (AI-assisted), Shai-Hulud campaign operators (npm ecosystem))
TTP Sophistication: HIGH (11 MITRE ATT&CK techniques identified)
Detection Difficulty: HIGH (Multiple evasion techniques observed)
Target Scope: INFO (npm ecosystem, PyPI, Chainguard Libraries, ChatGPT, Claude Code, Rakuten Mobile, Kaikatsu Club, Trust Wallet Chrome extension)
Are You Exposed?
⚠ Your industry is targeted by Unattributed non-technical actors (AI-assisted), Shai-Hulud campaign operators (npm ecosystem) → Heightened risk
⚠ You use products/services from npm ecosystem → Assess exposure
⚠ 11 attack techniques identified — review your detection coverage for these TTPs
✓ Your EDR/XDR detects the listed IOCs and TTPs → Reduced risk
✓ You have incident response procedures for this threat type → Prepared
Assessment estimated from severity rating and threat indicators
Business Context
The compression of exploit windows to 44 days — with nearly a third of vulnerabilities weaponized within 24 hours — means that organizations relying on monthly patch cycles are structurally exposed for weeks at a time, creating measurable windows of liability that regulators and cyber insurers are beginning to quantify. Supply chain attacks targeting npm and PyPI at the scale described (454,600 malicious packages annually) represent a systemic risk to any organization consuming open-source dependencies in production software, including financial services platforms like Trust Wallet and telecommunications providers like Rakuten Mobile. A single compromised transitive dependency can result in credential exfiltration, CI/CD pipeline compromise, or ransomware deployment (T1486), with downstream costs spanning breach notification, regulatory penalties, and erosion of customer trust across consumer and enterprise relationships.
You Are Affected If
Your engineering or DevOps teams consume npm or PyPI packages in production builds or CI/CD pipelines
Your organization uses AI coding assistants (ChatGPT, Claude Code, or equivalent) integrated into developer workflows without established package vetting policies
Your software supply chain includes dependencies on open-source libraries without enforced SBOM generation, lockfile pinning, or hash integrity verification
You operate in financial services, telecommunications, or consumer software verticals — the sectors represented by the named affected entities (Trust Wallet, Rakuten Mobile, Kaikatsu Club)
Your CI/CD environment stores API tokens, cryptographic keys, or cloud credentials as environment variables accessible to build scripts
Board Talking Points
Attackers now exploit newly disclosed software vulnerabilities within 24 hours in nearly a third of cases, meaning our patch timelines must shrink from weeks to days or we carry measurable, quantifiable exposure windows.
Recommend immediate investment in automated dependency integrity verification for our software build pipeline and a formal review of our mean-time-to-patch targets against current exploitation speed data, with a 60-day completion target.
Organizations that do not modernize patch velocity and supply chain controls in 2026 face a growing probability of credential theft or ransomware deployment through channels — compromised open-source packages — that most existing security programs were not designed to monitor.
Technical Analysis
The 2025 threat landscape, as synthesized by Chainguard research and consistent with industry threat reporting, describes an inflection point driven by two intersecting forces: AI-accelerated exploitation and industrialized supply chain poisoning.
On the exploitation side, according to 2025 threat intelligence aggregates (confidence: directional, source tier T3), the median time-to-exploitation for newly disclosed CVEs has collapsed from approximately 700 days in 2020 to 44 days in 2025.
More critically, based on the same threat intelligence sources, 28.3% of CVEs are now exploited within 24 hours of public disclosure, a figure that effectively nullifies patch-before-exploitation windows for organizations without automated remediation pipelines.
AI-assisted coding tools appear to be the primary accelerant: they lower the skill floor for weaponizing disclosed vulnerabilities, enable rapid variant generation, and produce malware variants that reportedly evade traditional static analysis tooling by altering signatures at scale. The MITRE ATT&CK techniques mapped to this cluster reflect this reality: T1203 (exploitation for client execution), T1059 (command and scripting interpreter abuse), T1562.001 (impair defenses), and T1486 (data encrypted for impact) suggest a full kill chain from initial access through impact.
On the supply chain side, the npm and PyPI ecosystems are the primary battlegrounds. According to 2025 threat intelligence aggregates (confidence: directional, source tier T3), an estimated 454,600 malicious packages were uploaded to public repositories in 2025. Attack techniques observed across named campaigns include layered dependency confusion, where attackers nest malicious payloads inside transitive dependencies to evade shallow review, and backdoored GPT-proxy packages that present as AI utility libraries while silently relaying traffic to attacker infrastructure. According to Aikido's 2026 analysis of the GPT-proxy backdoor campaign, some variants specifically target Chinese LLM infrastructure endpoints. A separate campaign cluster focused on credential harvesting: packages designed to exfiltrate cryptographic keys, CI/CD pipeline secrets, and API tokens from developer environments, mapped to T1552.001 (credentials in files) and T1195.001/T1195.002 (supply chain compromise at the dependency and software levels).
Named affected entities, Rakuten Mobile, Kaikatsu Club, and the Trust Wallet Chrome extension, span telecommunications, consumer loyalty platforms, and cryptocurrency tooling, indicating broad targeting rather than sector-specific campaigns. The Shai-Hulud campaign, specifically attributed to npm ecosystem operations, represents a named threat cluster within this broader trend. CWEs mapped to the threat cluster (CWE-1104, CWE-494, CWE-829, CWE-693) collectively describe the same root failure: organizations consuming third-party code without adequate integrity verification, provenance validation, or dependency auditing.
Confidence note: Quantitative figures cited (454,600 packages, 44-day exploit window, 28.3% 24-hour exploitation rate) derive from secondary aggregation sources rated T3. These figures are directionally credible and consistent with observed trends, but should be validated against NVD, CISA, or the Chainguard primary publication before use in formal risk reporting or board presentations.
Action Checklist (IR Enriched)
Triage Priority: URGENT
Escalate immediately to CISO and legal if SBOM audit identifies a confirmed malicious package that was executed in a production build environment, any CI/CD secrets (cloud provider keys, signing certificates, API tokens) were exposed to postinstall scripts from unverified packages, or if the Trust Wallet Chrome extension or any Rakuten/Kaikatsu Club-adjacent dependency is present in environments handling PII, PHI, or payment card data triggering breach notification obligations under GDPR, CCPA, or PCI-DSS.
Step 1: Containment — Audit your SBOM for all direct and transitive npm and PyPI dependencies; flag packages introduced or updated in the past 90 days that lack verified publisher provenance; remove or quarantine any unauthorized packages per CIS 2.3. Apply AC-4 (Information Flow Enforcement) to block unapproved external package registry traffic from build agents. (Cite: NIST AC-4 / CIS 2.3 / D3-ODM)
IR Detail
Preparation
NIST 800-61r3 §2 — Preparation: establishing IR capability and asset visibility before an incident occurs
NIST SI-2 (Flaw Remediation)
NIST CM-8 (System Component Inventory)
CIS 1.1 (Establish and Maintain Detailed Enterprise Asset Inventory)
CIS 2.1 (Establish and Maintain a Software Inventory)
CIS 7.1 (Establish and Maintain a Vulnerability Management Process)
Compensating Control
Run 'npm audit --json > npm_audit.json' and 'pip-audit --format json > pip_audit.json' against each project. For SBOM generation without enterprise tooling, use Syft (free, Anchore): 'syft dir:. -o spdx-json > sbom.json'. Cross-reference package names and versions against the OSS Index (Sonatype) free API. Flag any package where the publisher account was created within the last 90 days or where the package name closely resembles a known internal package (dependency confusion indicator) using a simple Python diff script against your internal package registry list.
Preserve Evidence
Before auditing, snapshot current state to establish a forensic baseline: capture 'pip freeze > pip_freeze_baseline.txt' and 'npm list --all --json > npm_tree_baseline.json' from each build environment. Preserve CI/CD pipeline logs showing when each dependency version was first introduced — specifically npm/PyPI install logs with timestamps from the past 90 days. For PyPI, check ~/.cache/pip/ and for npm check node_modules/.package-lock.json for install timestamps that may reveal when a malicious package update was pulled. If using GitHub Actions, preserve .github/workflows/ YAML files and the Actions run logs from the same 90-day window.
Step 2: Detection — Verify that your CI/CD pipeline enforces lockfile pinning, hash verification, and package signing; confirm secrets scanning covers CI/CD environment variables, not just source code. Enable audit logging on build agents per CIS 8.2 and AU-2 (Event Logging) to capture dependency resolution events. Rotate any CI/CD secrets or tokens exposed to the build environment per D3-CRO. (Cite: NIST AU-2 / CIS 8.2 / D3-CRO / D3-CH)
IR Detail
Preparation
NIST 800-61r3 §2 — Preparation: implementing preventive controls and hardening the environment to reduce IR burden
NIST SI-7 (Software, Firmware, and Information Integrity)
NIST SA-12 (Supply Chain Protection)
NIST CM-3 (Configuration Change Control)
CIS 4.6 (Securely Manage Enterprise Assets and Software)
CIS 7.4 (Perform Automated Application Patch Management)
Compensating Control
Enforce lockfile integrity with 'npm ci' (not 'npm install') in all pipeline stages — 'npm ci' fails if package-lock.json is missing or mismatched, blocking silent dependency substitution. For PyPI, use 'pip install --require-hashes -r requirements.txt' with hashes pre-computed via 'pip-compile --generate-hashes'. Integrate Sigstore cosign (free) for verifying signed package artifacts: 'cosign verify-blob --certificate <cert> --signature <sig> <artifact>'. For secrets scanning covering CI/CD environment variables, deploy Gitleaks (free) with a pre-commit hook and add a pipeline stage running 'gitleaks detect --source . --report-format json'. Trufflehog (free) can scan GitHub Actions secrets exposure: 'trufflehog github --repo <url>'.
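A pre-merge check for the pinning and hash controls above, as an added example (not code from the page, npm or pip). It assumes a pip requirements file and an npm lockfile in the v2/v3 "packages" layout; the approved registry URL, package names and digest are constructed sample values.

```python
"""Audit dependency manifests for missing pins, hashes and integrity fields.

Added example; every sample value below is constructed.
"""
import re

STRONG_HASH = re.compile(r"--hash=(?:sha256|sha384|sha512):[0-9a-fA-F]+")
PIN = re.compile(r"==\s*([^\s;,]+)")
REQ_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def logical_lines(text):
    """Yield requirement lines with continuations joined and comments removed."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        full = re.sub(r"(^|\s)#.*$", "", buf + line).strip()
        buf = ""
        if full:
            yield full


def audit_requirements(text):
    """Return (package, problem) pairs that pip's hash-checking mode rejects."""
    findings = []
    for line in logical_lines(text):
        if line.startswith("-"):  # global options such as --index-url
            continue
        m = REQ_NAME.match(line)
        name = m.group(0) if m else line.split()[0]
        spec = line.split("--hash", 1)[0]
        pin = PIN.search(spec)
        if not pin or "*" in pin.group(1):
            findings.append((name, "not pinned with =="))
        if not STRONG_HASH.search(line):
            findings.append((name, "no --hash"))
    return findings


def audit_package_lock(lock, allowed_registry="https://registry.npmjs.org/"):
    """Return (path, problem) pairs for entries in a v2/v3 package-lock.json."""
    findings = []
    for path, meta in sorted(lock.get("packages", {}).items()):
        # The root project, workspace links and bundled deps carry no tarball.
        if path == "" or meta.get("link") or meta.get("inBundle"):
            continue
        if "integrity" not in meta:
            findings.append((path, "no integrity hash"))
        resolved = meta.get("resolved", "")
        if not resolved.startswith(allowed_registry):
            findings.append((path, "resolved outside approved registry: "
                             + (resolved or "missing")))
        if meta.get("hasInstallScript"):
            findings.append((path, "runs install lifecycle script"))
    return findings


FAKE_SHA256 = "0" * 64  # constructed placeholder, not a real digest
SAMPLE_REQUIREMENTS = "\n".join([
    "--index-url https://pypi.org/simple",
    "requests==2.31.0 \\",
    "    --hash=sha256:" + FAKE_SHA256,
    "urllib3>=2.0  # floating range",
    "idna==3.6",
])
SAMPLE_LOCK = {  # constructed lockfile fragment
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED",
        },
        "node_modules/acme-utils": {
            "version": "9.9.9",
            "resolved": "https://registry.example.invalid/acme-utils-9.9.9.tgz",
            "hasInstallScript": True,
        },
    },
}

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print("requirements.txt:", *finding)
    for finding in audit_package_lock(SAMPLE_LOCK):
        print("package-lock.json:", *finding)
```

Run it as a blocking pipeline stage before 'npm ci' or 'pip install --require-hashes' so a missing hash fails review rather than the build.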
Preserve Evidence
Before modifying pipeline configuration, preserve the current state of all CI/CD pipeline definition files (e.g., .github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile, .circleci/config.yml) with 'git log --all --full-history -- .github/workflows/ > pipeline_git_history.txt'. Capture the current package-lock.json and requirements.txt with their git commit hashes. For the Shai-Hulud campaign specifically, examine CI/CD environment variable stores for any recently added variables containing base64-encoded strings, webhook URLs, or cloud provider credentials — these are the exfiltration artifacts malicious packages in this campaign inject into the build environment via postinstall scripts.
Step 3: Eradication — Update your threat model and patch SLA targets to reflect a 44-day median exploit window and sub-24-hour exploitation risk for critical CVEs. Execute your documented remediation process per CIS 7.2, prioritizing packages flagged in Step 1. Enforce automated application patch management per CIS 7.4 to close gaps before next exploitation window. (Cite: NIST AC-6 / CIS 7.2 / CIS 7.4)
IR Detail
Preparation
NIST 800-61r3 §2 — Preparation: updating IR policies, playbooks, and threat intelligence to reflect current adversary capability
NIST RA-3 (Risk Assessment)
NIST SI-5 (Security Alerts, Advisories, and Directives)
NIST IR-8 (Incident Response Plan)
CIS 7.1 (Establish and Maintain a Vulnerability Management Process)
CIS 7.2 (Establish and Maintain a Remediation Process)
Compensating Control
Document the Shai-Hulud TTP cluster against the MITRE ATT&CK Supply Chain Compromise technique (T1195) and its sub-technique Compromise Software Dependencies and Development Tools (T1195.001). Map AI-assisted exploit acceleration to T1588.006 (Obtain Capabilities: Vulnerabilities) and T1190 (Exploit Public-Facing Application) with the updated 44-day window as a threat register parameter. Use the free MITRE ATT&CK Navigator (https://mitre-attack.github.io/attack-navigator/) to create a layer file documenting these TTPs. Update your SLA policy document to define 'critical' patches as requiring deployment within 24 hours for any CVE appearing in CISA KEV, and 14 days for High severity CVEs given the compressed 44-day mean exploitation window.
Preserve Evidence
Before finalizing the updated threat model, gather quantitative baseline evidence from your environment: pull the last 12 months of patch deployment timestamps from your patch management system to document your actual current mean-time-to-patch. Query your dependency update history to determine how many npm/PyPI package updates occurred without human review. If you have proxy or DNS logs, search for any historical connections to known Shai-Hulud campaign infrastructure — the campaign has been associated with exfiltration over DNS and HTTPS to attacker-controlled domains registered to mimic legitimate package registry infrastructure. This baseline documents your current exposure gap against the 44-day exploitation window.
Step 4: Recovery — Validate that all restored build environments use only software confirmed in the authorized software inventory per CIS 2.1 and CIS 2.2. Apply AC-6 (Least Privilege) to restrict package manager execution to dedicated service accounts. Confirm that accounts used in compromised build pipelines are reviewed and rotated per CIS 5.1 and D3-CRO. (Cite: NIST AC-6 / CIS 2.1 / CIS 2.2 / CIS 5.1 / D3-CRO)
IR Detail
Detection & Analysis
NIST 800-61r3 §3.2 — Detection and Analysis: communicating incident scope, impact, and analysis findings to appropriate stakeholders
NIST IR-4 (Incident Handling)
NIST IR-6 (Incident Reporting)
NIST AU-6 (Audit Record Review, Analysis, and Reporting)
CIS 7.1 (Establish and Maintain a Vulnerability Management Process)
Compensating Control
Prepare a one-page technical brief for development leads that includes: (1) a concrete example of dependency confusion using the npm/PyPI naming pattern this campaign exploits — an attacker registers 'company-internal-utils' on public PyPI after discovering the name from a leaked requirements.txt, and 'pip install' resolves the public malicious version over the internal one if registry priority is misconfigured; (2) a live demonstration using 'pip install --dry-run' showing which registry wins under current configuration. For leadership, translate the 454,600 malicious package/year figure into a per-week rate (approximately 8,742/week) to contextualize why manual review is structurally insufficient and quantify the business risk in terms of a potential software supply chain incident like the 2020 SolarWinds event.
Preserve Evidence
Collect evidence to support the brief: generate a dependency confusion risk report by diffing your internal package registry namespace against public npm and PyPI namespaces using a script querying the public registry APIs. Document any namespace collisions found — these are direct evidence of existing exposure to the layered dependency confusion vector used in the Shai-Hulud campaign. Preserve this report as a timestamped artifact for the communication record and for any subsequent regulatory or audit requirements under NIST IR-6 (Incident Reporting).
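The namespace diff described here and in the Step 1 compensating control, as an added example (not code from the page or from any registry). It works offline on two name lists: in practice the public list would come from the registry APIs, and here both lists are constructed. Names are compared with PyPI's PEP 503 normalization, and the 0.88 similarity threshold is an assumption to tune.

```python
"""Dependency-confusion namespace check (added example, runs offline)."""
import re
from difflib import SequenceMatcher


def normalize(name):
    """PEP 503: runs of '-', '_' and '.' collapse to one hyphen, lowercased."""
    return re.sub(r"[-_.]+", "-", name).lower()


def confusion_report(internal, public, threshold=0.88):
    """Compare internal package names against public ones.

    kind == "collision": the normalized names are identical, so a resolver
    with misconfigured index priority can select the public package.
    kind == "lookalike": the names differ but are close enough to be typed
    or pasted by mistake.
    """
    public_by_norm = {}
    for p in public:
        public_by_norm.setdefault(normalize(p), []).append(p)

    findings = []
    for name in internal:
        n = normalize(name)
        for pn, originals in public_by_norm.items():
            if pn == n:
                kind, score = "collision", 1.0
            else:
                score = SequenceMatcher(None, n, pn).ratio()
                if score < threshold:
                    continue
                kind = "lookalike"
            for original in originals:
                findings.append({
                    "internal": name,
                    "public": original,
                    "kind": kind,
                    "score": round(score, 2),
                })
    return sorted(findings, key=lambda f: (f["internal"], f["public"]))


# Constructed sample data: internal registry names and a slice of public names.
SAMPLE_INTERNAL = ["company-internal-utils", "acme_billing.core", "acme-auth"]
SAMPLE_PUBLIC = [
    "Company_Internal.Utils",   # same project name after normalization
    "acme-billing-cores",       # one character away from an internal name
    "acme-oauth",
    "requests",
    "numpy",
]

if __name__ == "__main__":
    for f in confusion_report(SAMPLE_INTERNAL, SAMPLE_PUBLIC):
        print(f"{f['kind']:<10} {f['internal']} <-> {f['public']} "
              f"(score {f['score']})")
```

Store the output with a timestamp; collisions are the entries to fix first, by reserving the name publicly or by pinning the index per package.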
Step 5: Post-Incident — Brief development leads and platform engineering on layered dependency confusion techniques and the volume of industrialized supply chain attacks that have outpaced manual review. Update vulnerability management documentation per CIS 7.1 to incorporate AI-accelerated exploitation timelines. Establish cross-organizational audit log sharing with upstream registry and SBOM providers per AU-16 to improve future detection coverage. Monitor CISA KEV for CVEs entering the sub-24-hour exploitation cohort relevant to your asset inventory. (Cite: NIST AU-16 / CIS 7.1 / D3-ODM)
IR Detail
Detection & Analysis
NIST 800-61r3 §3.2 — Detection and Analysis: continuous monitoring, threat intelligence integration, and adverse event correlation
NIST SI-4 (System Monitoring)
NIST SI-5 (Security Alerts, Advisories, and Directives)
NIST AU-6 (Audit Record Review, Analysis, and Reporting)
CIS 8.2 (Collect Audit Logs)
CIS 7.1 (Establish and Maintain a Vulnerability Management Process)
Compensating Control
Automate CISA KEV monitoring with a free cron job pulling the KEV JSON feed ('curl https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json') and diffing against yesterday's snapshot, then alerting via email or Slack webhook when new CVEs appear that match packages in your SBOM. For Chainguard Unchained and new malicious package disclosures, configure an RSS feed aggregator (FreshRSS, free self-hosted) to consolidate Chainguard, CISA, and OSS security advisory feeds. Implement osquery on build servers with a query monitoring package installation events: 'SELECT name, version, install_time FROM rpm_packages' (RPM-based Linux; the 'deb_packages' table on Debian-based hosts has no install_time column, so diff name and version there) or equivalent, scheduled every 15 minutes, with results shipped to a central log file for daily diff review by the 2-person team.
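The snapshot diff and SBOM match from the cron job above, as an added example (not code from the page or from CISA). It assumes the KEV feed's "vulnerabilities" array with cveID, vendorProject, product and dueDate fields and an SPDX JSON SBOM such as the Syft output from Step 1; the CVE IDs, vendors and packages are constructed, and the token match is a triage heuristic rather than a precise mapping.

```python
"""Diff two KEV catalog snapshots and match new entries to an SBOM."""
import re


def _tokens(text):
    """Lowercase alphanumeric tokens, so 'Fast-XML Demo' matches 'fast_xml_demo'."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def new_kev_entries(previous, current):
    """Entries in today's catalog whose cveID was absent from yesterday's."""
    seen = {v["cveID"] for v in previous.get("vulnerabilities", [])}
    return [v for v in current.get("vulnerabilities", [])
            if v["cveID"] not in seen]


def match_sbom(entries, sbom):
    """Alert when every token of an SBOM package name appears in the KEV
    entry's vendor or product fields. Short generic names can over-match,
    so treat results as a review queue."""
    alerts = []
    for v in entries:
        kev_tokens = (_tokens(v.get("vendorProject", ""))
                      | _tokens(v.get("product", "")))
        for pkg in sbom.get("packages", []):
            name_tokens = _tokens(pkg.get("name", ""))
            if name_tokens and name_tokens <= kev_tokens:
                alerts.append({
                    "cve": v["cveID"],
                    "package": pkg["name"],
                    "version": pkg.get("versionInfo", "unknown"),
                    "due": v.get("dueDate"),
                })
    return alerts


def daily_alerts(previous, current, sbom):
    """Full job: what is new since the last snapshot, and what of it we ship."""
    return match_sbom(new_kev_entries(previous, current), sbom)


# Constructed snapshots; the CVE IDs are deliberately not real identifiers.
SAMPLE_YESTERDAY = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleNet",
     "product": "Router OS", "dueDate": "2025-01-22"},
]}
SAMPLE_TODAY = {"vulnerabilities": SAMPLE_YESTERDAY["vulnerabilities"] + [
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleOrg",
     "product": "fast-xml-demo", "dueDate": "2025-01-23"},
    {"cveID": "CVE-0000-0003", "vendorProject": "ExampleNet",
     "product": "Switch Firmware", "dueDate": "2025-01-23"},
]}
SAMPLE_SBOM = {"packages": [  # SPDX JSON uses "name" and "versionInfo"
    {"name": "fast-xml-demo", "versionInfo": "1.2.3"},
    {"name": "left-pad", "versionInfo": "1.3.0"},
]}

if __name__ == "__main__":
    for alert in daily_alerts(SAMPLE_YESTERDAY, SAMPLE_TODAY, SAMPLE_SBOM):
        print("KEV match:", alert)
```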
Preserve Evidence
Establish detection baselines before new package disclosures occur: snapshot current npm and PyPI package versions in all production and CI/CD environments and store with SHA-256 hashes. For the Trust Wallet Chrome extension compromise referenced in this campaign, if your organization uses browser extensions in managed environments, export the current extension inventory from Chrome policy logs or via 'chrome://extensions' export and preserve it. Monitor outbound DNS queries from build servers for any newly observed domains — malicious packages in this campaign category frequently beacon on first install via postinstall scripts, producing DNS queries to attacker-controlled infrastructure that would appear as first-seen domains in DNS logs.
Recovery Guidance
Post-containment, rotate all secrets (API keys, cloud credentials, signing certificates, webhook tokens) that were present as environment variables in any CI/CD pipeline that executed an unverified or flagged package, treating them as fully compromised regardless of whether exfiltration is confirmed — the Shai-Hulud campaign's postinstall script vector means exposure is simultaneous with install. Re-pin all dependencies to verified hashes, rebuild all production artifacts from a clean pipeline with the hardened controls from Step 2 in place, and verify artifact integrity using Sigstore or equivalent before re-deployment. Maintain enhanced monitoring of outbound DNS and HTTPS from build infrastructure and production systems for 30 days post-remediation, specifically watching for beaconing patterns (regular-interval connections to recently-registered domains) consistent with delayed-activation malicious package payloads.
Key Forensic Artifacts
npm postinstall script execution logs: check npm debug log at ~/.npm/_logs/*.log and CI/CD stdout for any 'postinstall' script execution events tied to packages flagged in the SBOM audit — malicious packages in this campaign category embed credential harvesting code in package.json 'scripts.postinstall' that executes automatically on 'npm install'
PyPI package cache and install receipts: examine ~/.cache/pip/wheels/ and site-packages/<package>.dist-info/RECORD files for packages installed from unexpected indexes; cross-reference install timestamps in RECORD files against your CI/CD pipeline run timestamps to identify packages pulled during suspicious build windows
CI/CD environment variable access logs: in GitHub Actions, retrieve the workflow run logs from the Actions tab for any job that ran 'npm install' or 'pip install' without hash verification — look for unexpected outbound HTTP requests in the runner network logs, which would indicate a postinstall script attempting to exfiltrate secrets to attacker-controlled infrastructure
DNS query logs from build servers and developer workstations: query DNS resolver logs or firewall DNS logs for first-seen domain lookups occurring within seconds of a package install event — the Shai-Hulud campaign and similar supply chain attacks use postinstall beaconing to confirm successful compromise, producing anomalous first-seen FQDN queries from build infrastructure
Chrome extension storage and network activity for Trust Wallet extension: if the Trust Wallet Chrome extension (or any flagged browser extension) is deployed in managed environments, capture the extension's IndexedDB storage at chrome://extensions > developer mode > inspect views, and review Chrome's net-internals logs (chrome://net-internals/#events) for any anomalous WebSocket or HTTPS connections to non-official Trust Wallet infrastructure that would indicate the compromised extension version was present
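The DNS artifact above, correlating first-seen domains with package install events, as an added example (not code from the page or from any product). The log line format "timestamp host value", the host names, packages and domains are all constructed, and the 30-second window and the registry allowlist are assumptions to tune.

```python
"""Flag first-seen DNS lookups that closely follow a package install."""
from datetime import datetime, timedelta

# Assumed allowlist: domains a package manager is expected to contact.
REGISTRY_ALLOWLIST = {"registry.npmjs.org", "pypi.org", "files.pythonhosted.org"}


def parse(lines):
    """Parse 'ISO8601-timestamp host value' lines (constructed format)."""
    rows = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess at fields
        ts, host, value = parts
        rows.append((datetime.fromisoformat(ts.replace("Z", "+00:00")),
                     host, value))
    return rows


def first_seen_after_install(install_lines, dns_lines, window_s=30,
                             allow=REGISTRY_ALLOWLIST):
    """Return (host, package, domain, delay_seconds) for each DNS name that
    is new to the whole log and was queried by a host within window_s
    seconds after that host installed a package."""
    installs = sorted(parse(install_lines), reverse=True)  # most recent first
    window = timedelta(seconds=window_s)
    seen = set()
    hits = []
    for ts, host, qname in sorted(parse(dns_lines)):
        domain = qname.rstrip(".").lower()
        is_new = domain not in seen
        seen.add(domain)
        if not is_new or domain in allow:
            continue
        for its, ihost, package in installs:
            if ihost == host and timedelta(0) <= ts - its <= window:
                hits.append((host, package, domain,
                             (ts - its).total_seconds()))
                break
    return hits


# Constructed sample logs.
SAMPLE_INSTALLS = [
    "2025-11-03T10:15:02Z build-07 acme-utils@9.9.9",
    "2025-11-03T10:39:00Z build-09 left-pad@1.3.0",
]
SAMPLE_DNS = [
    "2025-11-03T09:00:00Z build-07 registry.npmjs.org",
    "2025-11-03T09:00:01Z build-07 github.com",
    "2025-11-03T10:15:01Z build-07 registry.npmjs.org",
    "2025-11-03T10:15:04Z build-07 cdn-registry-npmjs.example.invalid",
    "2025-11-03T10:15:30Z build-07 github.com",
    "2025-11-03T10:40:00Z build-09 updates.example.invalid",
]

if __name__ == "__main__":
    for host, package, domain, delay in first_seen_after_install(
            SAMPLE_INSTALLS, SAMPLE_DNS):
        print(f"{host}: {domain} first seen {delay:.0f}s after {package}")
```

Feed it a DNS log long enough to hold a baseline, otherwise every domain counts as first-seen.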
Detection Guidance
Detection for this threat cluster requires coverage across three layers: repository ingestion, runtime behavior, and credential telemetry.
Repository and build layer: Enable audit logging across all build agents and CI/CD systems per CIS 8.2 (Collect Audit Logs) and NIST AU-2 (Event Logging).
AU-3 (Content of Audit Records) requires that each record captures what occurred, when, where, and which process triggered the event — apply this standard to dependency resolution events.
Alert on any package not present in the approved software inventory (CIS 2.1) or flagged by CIS 2.3 (Address Unauthorized Software). Use D3-FMBV (File Magic Byte Verification) to validate that package archive contents match declared file types — malicious packages distributed via typosquatting frequently abuse this gap. Use D3-SFA (System File Analysis) to monitor build configuration files, package manifests, and lockfiles for unauthorized modification. Flag packages that initiate outbound network connections during installation or post-install script execution; this is anomalous and unsupported by legitimate libraries. Network flow logs from build agents are the primary detection surface for the persistent relay behavior documented in the Shai-Hulud campaign TTP cluster.
Runtime and process layer: Hunt for scripting interpreter invocations (T1059) originating from dependency installation directories or package manager processes — these should never occur in a clean build environment. Alert on file system enumeration behavior (T1083) by processes with no legitimate traversal requirement. Apply D3-SICA (System Init Config Analysis) to detect persistence mechanisms injected via post-install hooks that modify system startup configuration. Use D3-UAP (User Account Permissions) to confirm that package manager processes execute under least-privilege accounts per NIST AC-6, limiting blast radius if a malicious package executes.
Credential telemetry layer: Secrets embedded in source repositories or CI/CD environment variables are a primary target of T1552.001. Monitor for credential access patterns using D3-LAM (Local Account Monitoring) and enforce D3-CH (Credential Hardening) across all build and deployment service accounts. Rotate credentials on any account that had access to a compromised build pipeline per D3-CRO (Credential Rotation). Apply CIS 6.5 (Require MFA for Administrative Access) to all accounts with write access to package registries, CI/CD systems, or deployment pipelines, and enforce D3-MFA (Multi-factor Authentication) as a countermeasure against T1078 (Valid Accounts) abuse. Review AU-6 (Audit Record Review, Analysis, and Reporting) cadence — given sub-24-hour exploitation windows, daily review of build and registry audit logs is warranted, not weekly.
Controls not covered by the current KB reference: The KB does not include NIST SA-12 (Supply Chain Protection), SI-7 (Software, Firmware, and Information Integrity), or SR-4 (Provenance) — all directly applicable to SBOM integrity and software supply chain risk. If those controls are available in your full NIST 800-53 implementation, they should be added to this detection and control mapping.
Indicators of Compromise (3)
1. Type: TOOL. Confidence: LOW.
Value: Pending — refer to Chainguard Unchained (2026-the-year-of-ai-assisted-attacks) for published package names and hashes
Context: Malicious npm and PyPI package names, SHA hashes, and associated publisher accounts identified in Chainguard research; specific values not present in aggregated source text provided
2. Type: TOOL. Confidence: LOW.
Value: Pending — refer to Aikido Security blog post (gpt-proxy-backdoor-npm-pypi-chinese-llm-relay) for published indicators
Context: GPT-proxy backdoor packages: package names, registry identifiers, and C2/relay endpoint domains published by Aikido Security; specific values not present in aggregated source text provided
3. Type: TOOL. Confidence: LOW.
Value: Pending — refer to The Hacker News (2026/02/malicious-npm-packages-harvest-crypto) for published indicators
Context: Package names and associated payload hashes for npm packages harvesting cryptographic keys, CI/CD secrets, and API tokens; specific values not present in aggregated source text provided
Platform Playbooks
Microsoft Sentinel / Defender
Microsoft 365 E3 (3 log sources): Basic identity + audit. No endpoint advanced hunting. Defender for Endpoint requires separate P1/P2 license.
Microsoft 365 E5 (18 log sources): Full Defender suite: Endpoint P2, Identity, Office 365 P2, Cloud App Security. Advanced hunting across all workloads.
E5 + Sentinel (27 log sources): All E5 tables + SIEM data (CEF, Syslog, Windows Security Events, Threat Intelligence). Analytics rules, playbooks, workbooks.
IOC Detection Queries (3)
Known attack tool — NOT a legitimate system binary. Any execution is suspicious.
// Threat: AI-Assisted Attacks Collapse Exploit Windows and Scale Supply Chain Threats: 202
// Attack tool: Pending — refer to Chainguard Unchained (2026-the-year-of-ai-assisted-attacks) for published package names and hashes
// Context: Malicious npm and PyPI package names, SHA hashes, and associated publisher accounts identified in Chainguard research; specific values not present in aggregated source text provided
// "<PENDING_INDICATOR>" is a placeholder: substitute a published package name or hash before running.
DeviceProcessEvents
| where Timestamp > ago(30d)
| where FileName =~ "<PENDING_INDICATOR>"
    or ProcessCommandLine has "<PENDING_INDICATOR>"
    or InitiatingProcessCommandLine has "<PENDING_INDICATOR>"
| project Timestamp, DeviceName, FileName, FolderPath,
    ProcessCommandLine, AccountName, AccountDomain,
    InitiatingProcessFileName, InitiatingProcessCommandLine
| sort by Timestamp desc
Known attack tool — NOT a legitimate system binary. Any execution is suspicious.
// Threat: AI-Assisted Attacks Collapse Exploit Windows and Scale Supply Chain Threats: 202
// Attack tool: Pending — refer to Aikido Security blog post (gpt-proxy-backdoor-npm-pypi-chinese-llm-relay) for published indicators
// Context: GPT-proxy backdoor packages: package names, registry identifiers, and C2/relay endpoint domains published by Aikido Security; specific values not present in aggregated source text provided
// "<PENDING_INDICATOR>" is a placeholder: substitute a published package name or relay domain before running.
DeviceProcessEvents
| where Timestamp > ago(30d)
| where FileName =~ "<PENDING_INDICATOR>"
    or ProcessCommandLine has "<PENDING_INDICATOR>"
    or InitiatingProcessCommandLine has "<PENDING_INDICATOR>"
| project Timestamp, DeviceName, FileName, FolderPath,
    ProcessCommandLine, AccountName, AccountDomain,
    InitiatingProcessFileName, InitiatingProcessCommandLine
| sort by Timestamp desc
Known attack tool — NOT a legitimate system binary. Any execution is suspicious.
// Threat: AI-Assisted Attacks Collapse Exploit Windows and Scale Supply Chain Threats: 202
// Attack tool: Pending — refer to The Hacker News (2026/02/malicious-npm-packages-harvest-crypto) for published indicators
// Context: Package names and associated payload hashes for npm packages harvesting cryptographic keys, CI/CD secrets, and API tokens; specific values not present in aggregated source text provided
// "<PENDING_INDICATOR>" is a placeholder: substitute a published package name or payload hash before running.
DeviceProcessEvents
| where Timestamp > ago(30d)
| where FileName =~ "<PENDING_INDICATOR>"
    or ProcessCommandLine has "<PENDING_INDICATOR>"
    or InitiatingProcessCommandLine has "<PENDING_INDICATOR>"
| project Timestamp, DeviceName, FileName, FolderPath,
    ProcessCommandLine, AccountName, AccountDomain,
    InitiatingProcessFileName, InitiatingProcessCommandLine
| sort by Timestamp desc
MITRE ATT&CK Hunting Queries (5)
Sentinel rule: Sign-ins from unusual locations
SigninLogs
| where TimeGenerated > ago(7d)
| where ResultType == 0
| summarize Locations = make_set(Location), LoginCount = count(), DistinctIPs = dcount(IPAddress) by UserPrincipalName
| where array_length(Locations) > 3 or DistinctIPs > 5
| sort by DistinctIPs desc
Sentinel rule: Security tool tampering
DeviceProcessEvents
| where Timestamp > ago(7d)
| where ProcessCommandLine has_any (
"Set-MpPreference", "DisableRealtimeMonitoring",
"net stop", "sc stop", "sc delete", "taskkill /f",
"Add-MpPreference -ExclusionPath"
)
| where ProcessCommandLine has_any ("defender", "sense", "security", "antivirus", "firewall", "crowdstrike", "sentinel")
| project Timestamp, DeviceName, ProcessCommandLine, AccountName, InitiatingProcessFileName
| sort by Timestamp desc
Sentinel rule: Phishing email delivery
EmailEvents
| where Timestamp > ago(7d)
| where ThreatTypes has "Phish" or DetectionMethods has "Phish"
| summarize Attachments = make_set(AttachmentCount), Urls = make_set(UrlCount) by NetworkMessageId, Timestamp, SenderFromAddress, RecipientEmailAddress, Subject, DeliveryAction, DeliveryLocation, ThreatTypes
| sort by Timestamp desc
Sentinel rule: Suspicious PowerShell command line
DeviceProcessEvents
| where Timestamp > ago(7d)
| where FileName in~ ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe")
| where ProcessCommandLine has_any ("-enc", "-nop", "bypass", "hidden", "downloadstring", "invoke-expression", "iex", "frombase64", "new-object net.webclient")
| project Timestamp, DeviceName, FileName, ProcessCommandLine, AccountName, InitiatingProcessFileName
| sort by Timestamp desc
Sentinel rule: Ransomware activity
DeviceFileEvents
| where Timestamp > ago(7d)
| where ActionType == "FileRenamed"
| where FileName endswith_any (".encrypted", ".locked", ".crypto", ".crypt", ".enc", ".ransom")
| summarize RenamedFiles = count() by DeviceName, InitiatingProcessFileName, bin(Timestamp, 5m)
| where RenamedFiles > 20
| sort by RenamedFiles desc
No actionable IOCs for CrowdStrike import (benign/contextual indicators excluded).
No hard IOCs available for AWS detection queries (contextual/benign indicators excluded).
Compliance Framework Mappings
MITRE ATT&CK techniques: T1657, T1552.001, T1078, T1195.001, T1554, T1083 (+5 more)
NIST SP 800-53 controls: AC-2, AC-6, IA-2, IA-5, CM-7, SA-9 (+15 more)
MITRE ATT&CK Mapping
T1657: Financial Theft (impact)
T1552.001: Credentials In Files (credential-access)
T1078: Valid Accounts (defense-evasion)
T1195.001: Compromise Software Dependencies and Development Tools (initial-access)
T1554: Compromise Host Software Binary (persistence)
T1083: File and Directory Discovery (discovery)
T1195.002: Compromise Software Supply Chain (initial-access)
T1562.001: Disable or Modify Tools (defense-evasion)
T1566: Phishing (initial-access)
T1059: Command and Scripting Interpreter (execution)
T1486: Data Encrypted for Impact (impact)
Guidance Disclaimer
The analysis, framework mappings, and incident response recommendations in this intelligence
item are derived from established industry standards including NIST SP 800-61, NIST SP 800-53,
CIS Controls v8, MITRE ATT&CK, and other recognized frameworks. This content is provided
as supplemental intelligence guidance only and does not constitute professional incident response
services. Organizations should adapt all recommendations to their specific environment, risk
tolerance, and regulatory requirements. This material is not a substitute for your organization's
official incident response plan, legal counsel, or qualified security practitioners.