MITRE ATT&CK Technique
Initial Access T1195.002
Description

Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.

Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims. (Citation: Avast CCleaner3 2018) (Citation: Command Five SK 2011)

Supported Platforms
Linux, Windows, macOS
Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data
{'created': '2020-03-11T14:17:21.153Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may manipulate application software prior to '
                'receipt by a final consumer for the purpose of data or system '
                'compromise. Supply chain compromise of software can take '
                'place in a number of ways, including manipulation of the '
                'application source code, manipulation of the '
                'update/distribution mechanism for that software, or replacing '
                'compiled releases with a modified version.\n'
                '\n'
                'Targeting may be specific to a desired victim set or may be '
                'distributed to a broad set of consumers but only move on to '
                'additional tactics on specific victims.(Citation: Avast '
                'CCleaner3 2018)(Citation: Command Five SK 2011)  ',
 'external_references': [{'external_id': 'T1195.002',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1195/002'},
                         {'description': 'Avast Threat Intelligence Team. '
                                         '(2018, March 8). New investigations '
                                         'into the CCleaner incident point to '
                                         'a possible third stage that had '
                                         'keylogger capacities. Retrieved '
                                         'March 15, 2018.',
                          'source_name': 'Avast CCleaner3 2018',
                          'url': 'https://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had-keylogger-capacities'},
                         {'description': 'Command Five Pty Ltd. (2011, '
                                         'September). SK Hack by an Advanced '
                                         'Persistent Threat. Retrieved '
                                         'November 17, 2024.',
                          'source_name': 'Command Five SK 2011',
                          'url': 'https://web.archive.org/web/20160309235002/https://www.commandfive.com/papers/C5_APT_SKHack.pdf'}],
 'id': 'attack-pattern--bd369cd9-abb8-41ce-b5bb-fff23ee86c00',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'initial-access'}],
 'modified': '2025-10-24T17:49:18.341Z',
 'name': 'Compromise Software Supply Chain',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': True,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Linux', 'Windows', 'macOS'],
 'x_mitre_version': '1.1'}
Related Threat Actors (9)
FIN7
High

Dragonfly
High

Daggerfly
High

Sandworm Team
High

Cobalt Group
High