Dynamic Module Loading for Code Execution - ATR-2026-00112 (b2c41edb-0aa4-5e65-8839-9a7ee6c2da07)
Detects dynamic module loading where the module path is a variable rather than a string literal. This pattern allows an attacker to control which code is loaded at runtime, enabling injection of malicious modules, WebAssembly payloads, or native libraries. Unlike static imports which are auditable, dynamic imports with variable paths can resolve to attacker-controlled code.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Dynamic Module Loading for Code Execution - ATR-2026-00112 (b2c41edb-0aa4-5e65-8839-9a7ee6c2da07) | Agent Threat Rules | Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) | Attack Pattern | 1 |