T1204.005

Malicious Library

Adversaries may rely on a user installing a malicious library to facilitate execution. Threat actors may [Upload Malware](https://attack.mitre.org/techniques/T1608/001) to package managers such as NPM and PyPi, as well as to public code repositories such as GitHub. User may install libraries without realizing they are malicious, thus bypassing techniques that specifically achieve Initial Access. This can lead to the execution of malicious code, such as code that establishes persistence, steals d...

LinuxmacOSWindows

Detections

Sources

Threat Actors

BY SOURCE

1elastic

PROCEDURES (1)

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

THREAT ACTORS (1)

Contagious Interview

DETECTIONS (1)

Node.js Pre or Post-Install Script Execution

elasticmedium