← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
WHITE celestre 2026-05-06 Modified: 2026-05-06
21
IOCs
MEDIUM VOLUME
Acronis TRU uncovered active abuse of AI platforms like Hugging Face and ClawHub for malware delivery, where attackers exploit trust in AI ecosystems and agents, and potentially trigger further malicious actions through AI-driven workflows.
windows malwareopenclaw skillarchivec2 serveramos stealerloaderdescriptionmalware c2urls httpshugging face
Indicators of Compromise (2 / 21 total)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 93b3d3925ccc201ab0f16017153a79ef05b8f5c2 SHA1 of d781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073 2026-05-06
FileHash-SHA1 a396ec79d8e33ca984c7ffc7ee4d7d2caa8412ee SHA1 of f0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16 2026-05-06
References (1)
↗ https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/#xe2h0afWXT