Clankerusecase
MITRE ATT&CK detection coverage

T1189 Drive-by Compromise

T1189 — Drive-by Compromise is a MITRE ATT&CK technique in the Initial Access tactic. Clankerusecase tracks 7 detection use cases covering it and 5 threat-intel articles citing it.

Initial Access
7 Use cases
5 Articles
0 Sub-techniques
1 Tactic

Use cases covering this technique (7)

Detect hosts connecting to dynamic domain providers | ESCU actions · alerting | P
[LLM] Unpatched Chrome vulnerable to CVE-2026-11645 and 2026 in-the-wild zero-days | Bespoke exploit · hunting | DSP
[LLM] Chrome process executing with pre-fix V8 version (149.0.7827.<102) post-disclosure | Bespoke exploit · hunting | DSP
[LLM] Roblox cheat/exploit download on enterprise endpoint (Lumma Stealer entry vector) | Bespoke delivery · alerting | DSΣPDDCS
[LLM] Browser load of Beamglea redirect-* or mad-* package script from unpkg.com | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Polyfill.io supply-chain compromise: egress to Funnull-controlled CDN cluster | Bespoke delivery · alerting | DSΣPDDCS
[LLM] Unpatched libwebp-bundling apps in software inventory (Chrome, Electron, 1Password, ImageMagick, GIMP, ffmpeg) | Bespoke weapon · hunting | DSP

Articles citing this technique (5)