Ingest OSV - Cloud Storage

github-actions · github-actions · commit 797807781f50 · 2026-03-21T19:40:04.000Z
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
@@ -1,7 +1,7 @@
 amazon-inspector:
     IN-MAL-: IN-MAL-2026-000461.json
 kam193:
-    pypi/packages/malicious/osv/: cd8a969017ffb74e5c81b1721de4cd639f57a1e6
+    pypi/packages/malicious/osv/: 22c5b6b33f222fe5bb87777473653b6bc4e66233
     pypi/packages/pentest/osv/: 0d65fa30569acb74a4cd2f6968297f9cf794b510
     pypi/packages/probably_pentest/osv/: d85355ff7c5f46aa548621c0248747e10eee650a
 ossf-package-analysis:
diff --git a/osv/malicious/pypi/thisismytest/MAL-0000-kam193-a1c269bbb8340810.json b/osv/malicious/pypi/thisismytest/MAL-0000-kam193-a1c269bbb8340810.json
@@ -0,0 +1,77 @@
+{
+  "modified": "2026-03-21T19:05:47Z",
+  "published": "2026-03-21T19:05:47Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in thisismytest (PyPI)",
+  "details": "During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic commands\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-thisismytest\n\n\nReasons (based on the campaign):\n\n\n - malware\n\n\n - Downloads and executes a remote executable.\n\n\n - backdoor\n\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "thisismytest"
+      },
+      "versions": [
+        "1.0.0",
+        "2.0.0",
+        "3.0.0",
+        "4.0.0",
+        "5.0.0"
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "EVIDENCE",
+      "url": "https://www.virustotal.com/gui/file/ac4b2c52d238bc9893450e5068dfc62b87239bc60fc339e13a714ff9e5f312de/detection"
+    },
+    {
+      "type": "EVIDENCE",
+      "url": "https://www.virustotal.com/gui/file/72603dc2a916f5e552c16c4784aea36f39fe607dfbd1523060c2299e67253549/detection"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sandbox.kunai.rocks/analysis/a120c2fb-d387-4ede-beb8-72cbf8f1a219"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bad-packages.kam193.eu/pypi/package/thisismytest"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Kamil Mańkowski (kam193)",
+      "type": "REPORTER",
+      "contact": [
+        "https://github.com/kam193",
+        "https://bad-packages.kam193.eu/"
+      ]
+    }
+  ],
+  "database_specific": {
+    "iocs": {
+      "ips": [
+        "101.47.72.91"
+      ],
+      "urls": [
+        "http://115.190.98.52/java"
+      ]
+    },
+    "malicious-packages-origins": [
+      {
+        "source": "kam193",
+        "sha256": "a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9",
+        "import_time": "2026-03-21T19:39:52.895404088Z",
+        "id": "pypi/2026-03-thisismytest/thisismytest",
+        "modified_time": "2026-03-21T19:05:47.574472Z",
+        "versions": [
+          "1.0.0",
+          "2.0.0",
+          "3.0.0",
+          "4.0.0",
+          "5.0.0"
+        ]
+      }
+    ]
+  }
+}
