IOC Radar
TLP:WHITE · 2 IOCs

Well-architected best practices for software supply chain security

AWS Security
Published May 26, 2026

Attack Flow: 6 steps · MITRE ATT&CK mapped

Step 1/6: Compromise Maintainer Account
Initial Access · TA0001 · T1078.004
Action: Compromise maintainer credentials
Threat actors compromise maintainer credentials through phishing to gain access to publish malicious packages.

Indicators of Compromise

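| Type | Indicator | Tags | Confidence | Score | First Seen |
|------|-----------|------|------------|-------|------------|
| CVE | CVE-2025-59144 | exploitintel-blog, vulnerability | Medium | 51 | Jun 2, 26 |
| SHA1 | 22d200f8670dbdb3e253a90eee5098477c95c23d | apt, espionage, file-hash | High | 84 | Jun 2, 26 |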

[IOC Relationship Graph: 2 total IOCs (1 CVE, 1 SHA1) and the report node]