APT-SUPPLIER-UPDATERInitial Access

Trusted Updater Hijack (NotPetya / M.E.Doc)

Compromise a niche software vendor's update server — every customer pulls the malicious update, mass-spread inside trusted networks.

§ Where this technique fits

APT-SUPPLIER-UPDATER is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Trusted updater hijack → wormable destructive payload (NotPetya / M.E.Doc)
Compromise a niche third-party vendor (regional tax software, niche industry tooling). Push a malicious update; every customer auto-installs it. Payload spreads via SMB + Mimikatz, wipes drives.
step 2 / 6

§ What commonly comes next

01
Supply Chain Compromise
T1195 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Trusted updater hijack → wormable destructive payload (NotPetya / M.E.Doc)

§ What commonly comes next