<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>TanStack-Supply-Chain on Detection.FYI</title>
    <link>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/</link>
    <description>Recent content in TanStack-Supply-Chain on Detection.FYI</description>
    <generator>Hugo -- gohugo.io</generator>
    <copyright> </copyright>
    <lastBuildDate>Thu, 09 Jul 2026 14:03:12 +0000</lastBuildDate><atom:link href="https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>TanStack Supply-Chain Attack DNS Indicators</title>
      <link>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/dns_query_win_malware_tanstack_supply_chain_c2/</link>
      <pubDate>Thu, 09 Jul 2026 14:03:12 +0000</pubDate>
      
      <guid>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/dns_query_win_malware_tanstack_supply_chain_c2/</guid>
      <description>
        
          
            Detects DNS queries to attacker-controlled infrastructure used by the Mini Shai-Hulud campaign targeting TanStack npm packages along with other packages such as mistralai, uipath and so on.
The domain git-tanstack.com (registered May 9, 2026) hosted secondary payloads including transformers.pyz.
The filev2.getsession.org endpoint was used for credential exfiltration via the Session protocol.

          
          
        
      </description>
    </item>
    
    <item>
      <title>TanStack Supply-Chain Attack Execution Indicators - Linux</title>
      <link>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/proc_creation_lnx_malware_tanstack_supply_chain/</link>
      <pubDate>Thu, 09 Jul 2026 14:03:12 +0000</pubDate>
      
      <guid>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/proc_creation_lnx_malware_tanstack_supply_chain/</guid>
      <description>
        
          
            Detects process execution indicators associated with the Mini Shai-Hulud supply-chain campaign targeting TanStack npm packages and others such as mistralai and uipath reported on early May 2026.
The preinstall hook runs setup.mjs, which downloads a platform-specific Bun runtime.

          
          
        
      </description>
    </item>
    
    <item>
      <title>TanStack Supply-Chain Attack Execution Indicators - Windows</title>
      <link>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/proc_creation_win_malware_tanstack_supply_chain/</link>
      <pubDate>Thu, 09 Jul 2026 14:03:12 +0000</pubDate>
      
      <guid>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/proc_creation_win_malware_tanstack_supply_chain/</guid>
      <description>
        
          
            Detects process execution indicators associated with the Mini Shai-Hulud supply-chain campaign targeting TanStack npm packages and others such as mistralai, uipath reported on early May 2026.
          
          
        
      </description>
    </item>
    
    <item>
      <title>TanStack Supply-Chain Attack File Creation Indicators - Linux</title>
      <link>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/file_event_lnx_malware_tanstack_supply_chain/</link>
      <pubDate>Thu, 09 Jul 2026 14:03:12 +0000</pubDate>
      
      <guid>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/file_event_lnx_malware_tanstack_supply_chain/</guid>
      <description>
        
          
            Detects file creation indicators associated with the Mini Shai-Hulud supply-chain campaign targeting TanStack npm packages and others such as mistralai and uipath reported on early May 2026.
          
          
        
      </description>
    </item>
    
    <item>
      <title>TanStack Supply-Chain Attack File Creation Indicators - Windows</title>
      <link>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/file_event_win_malware_tanstack_supply_chain/</link>
      <pubDate>Thu, 09 Jul 2026 14:03:12 +0000</pubDate>
      
      <guid>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/tanstack-supply-chain/file_event_win_malware_tanstack_supply_chain/</guid>
      <description>
        
          
            Detects file creation indicators associated with the Mini Shai-Hulud supply-chain campaign targeting TanStack npm packages and others such as mistralai, uipath, etc reported on early May 2026.
          
          
        
      </description>
    </item>
    
  </channel>
</rss>
