← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
WHITE celestre 2026-05-06 Modified: 2026-05-06
21
IOCs
MEDIUM VOLUME
Acronis TRU uncovered active abuse of AI platforms like Hugging Face and ClawHub for malware delivery, where attackers exploit trust in AI ecosystems and agents, and potentially trigger further malicious actions through AI-driven workflows.
windows malwareopenclaw skillarchivec2 serveramos stealerloaderdescriptionmalware c2urls httpshugging face
Indicators of Compromise (2 / 21 total)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 a37f6403fbf28fa0b48863287f4c5a5d MD5 of f0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16 2026-05-06
FileHash-MD5 b488d8d0cb6ee18af9e5800b66ff1ed9 MD5 of d781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073 2026-05-06
References (1)
↗ https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/#xe2h0afWXT