← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Securing the Supply Chain: How SentinelOne's AI EDR Stops the ...
WHITE AlienVault 2026-04-03 Modified: 2026-04-03
12
IOCs
MEDIUM VOLUME
On March 31, 2026, a North Korean state actor hijacked the npm credentials of the primary Axios maintainer and published two backdoored releases that deployed a cross-platform remote access trojan (RAT) to Windows, macOS, and Linux systems. Axios is the most widely used HTTP client in the JavaScript ecosystem, with approximately 100 million weekly downloads and a presence in roughly 80% of cloud and code environments.
Indicators of Compromise (12)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 21d2470cae072cf2d027d473d168158c 2026-04-03
FileHash-MD5 db7f4c82c732e8b107492cae419740ab 2026-04-03
FileHash-SHA1 07d889e2dadce6f3910dcbc253317d28ca61c766 2026-04-03
FileHash-SHA1 2553649f2322049666871cea80a5d0d6adc700ca 2026-04-03
FileHash-SHA1 d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 2026-04-03
FileHash-SHA256 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 2026-04-03
FileHash-SHA256 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd 2026-04-03
URL http://sfrclak.com:8000/6202033 2026-04-03
domain callnrwise.com 2026-04-03
domain chickencoinwin.website 2026-04-03
domain focusrecruitment.careers 2026-04-03
domain sfrclak.com 2026-04-03
References (1)
↗ https://www.sentinelone.com/blog/securing-the-supply-chain-how-sentinelones-ai-edr-stops-the-axios-attack-autonomously/