When Trust Becomes the Attack Vector: Analysis of the EmEditor Supply-Chain Compromise
WHITE PetrP.73 2026-03-24 Modified: 2026-04-23
The EmEditor supply-chain compromise is a sophisticated attack in which threat actors used a trusted software distribution channel to carry out malicious actions. Rather than relying on traditional phishing, the attackers exploited a trusted WordPress-based download infrastructure, manipulating conditional server-side logic to deliver a trojanized Microsoft Installer (MSI) to specific users while serving legitimate content to administrators. The approach reflects an evolving tactic in cyber threats: eroding trust at the source rather than exploiting direct vulnerabilities.
Indicators of Compromise (16)