Assign IDs

Author: github-actions

osv/malicious/.id-allocator

@@ -1 +1 @@
-85c203107310a6b8e601278563523493b602d2646b052fe8d1bbbe7ae3623f15
+06306d25c0e7fdc3e9320ba173f022e8a646577ad8a87bf822c36cd0409fce15

…le/MAL-0000-kam193-cd10a24231fb7b68.json …pypi/apply-hive-table/MAL-2026-2112.jsonosv/malicious/pypi/apply-hive-table/MAL-0000-kam193-cd10a24231fb7b68.json renamed to osv/malicious/pypi/apply-hive-table/MAL-2026-2112.json osv/malicious/pypi/apply-hive-table/MAL-0000-kam193-cd10a24231fb7b68.json renamed to osv/malicious/pypi/apply-hive-table/MAL-2026-2112.json

@@ -2,9 +2,9 @@
   "modified": "2026-03-23T14:19:12Z",
   "published": "2026-03-23T14:19:12Z",
   "schema_version": "1.7.4",
-  "id": "",
+  "id": "MAL-2026-2112",
   "summary": "Malicious code in apply-hive-table (PyPI)",
-  "details": "In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing a similarly named package from the local private repository\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-02-urllib-slim\n\n\nReasons (based on the campaign):\n\n\n - typosquatting\n\n\n - Downloads and executes a remote executable.\n\n\n - obfuscation\n\n\n - dependency-confusion\n\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9)\nIn specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing a similarly named package from the local private repository\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-02-urllib-slim\n\n\nReasons (based on the campaign):\n\n\n - typosquatting\n\n\n - Downloads and executes a remote executable.\n\n\n - obfuscation\n\n\n - dependency-confusion\n",
   "affected": [
     {
       "package": {
@@ -51,11 +51,11 @@
     },
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9",
-        "import_time": "2026-03-23T14:52:56.131890399Z",
         "id": "pypi/2026-02-urllib-slim/apply-hive-table",
+        "import_time": "2026-03-23T14:52:56.131890399Z",
         "modified_time": "2026-03-23T14:19:12.089912Z",
+        "sha256": "cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9",
+        "source": "kam193",
         "versions": [
           "3.1.4",
           "3.1.5"

osv/malicious/pypi/dmclc/MAL-0000-kam193-29d8ca432d1f2069.json

@@ -1,5 +1,5 @@
 {
-  "modified": "2026-03-23T14:05:43Z",
+  "modified": "2026-03-23T14:54:38Z",
   "published": "2026-03-23T14:05:43Z",
   "schema_version": "1.7.4",
   "id": "MAL-2026-2106",
@@ -58,11 +58,29 @@
     },
     "malicious-packages-origins": [
       {
-        "id": "pypi/2026-02-urllib-slim/dmclc",
+        "source": "kam193",
+        "sha256": "895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3",
         "import_time": "2026-03-23T14:29:23.854372764Z",
+        "id": "pypi/2026-02-urllib-slim/dmclc",
         "modified_time": "2026-03-23T14:05:43.559439Z",
-        "sha256": "895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3",
+        "versions": [
+          "2.1.0",
+          "2.1.1",
+          "2.1.2",
+          "2.1.3",
+          "2.1.5",
+          "2.1.6",
+          "2.1.7",
+          "2.1.9",
+          "2.1.10"
+        ]
+      },
+      {
         "source": "kam193",
+        "sha256": "29d8ca432d1f2069462955be4a4ea77b5f7c8ee81ec568291be5b0ffce0aeebb",
+        "import_time": "2026-03-23T14:52:56.133313105Z",
+        "id": "pypi/2026-02-urllib-slim/dmclc",
+        "modified_time": "2026-03-23T14:05:43.559439Z",
         "versions": [
           "2.1.0",
           "2.1.1",

osv/malicious/pypi/dmclc/MAL-2026-2106.json

@@ -2,9 +2,9 @@
   "modified": "2026-03-20T15:31:01Z",
   "published": "2026-03-20T15:31:01Z",
   "schema_version": "1.7.4",
-  "id": "",
+  "id": "MAL-2026-2113",
   "summary": "Malicious code in gcpipwrap (PyPI)",
-  "details": "These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious action between dependencies and are not malicious alone, but are used together to: exfiltrate information through DNS, collect information about the processes and covering tracks by installing packages from local private repositories.\n\nPackage nspack additionally notifies upon importing a domain known for malicious activity with the package and hostname.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-geekennedy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (af8d2f3dec668a16adf691aa26e16be82e62c2cdf993da1f4ff4afaceac30e92)\nThese packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious action between dependencies and are not malicious alone, but are used together to: exfiltrate information through DNS, collect information about the processes and covering tracks by installing packages from local private repositories.\n\nPackage nspack additionally notifies upon importing a domain known for malicious activity with the package and hostname.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-geekennedy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The malicious code is intentionally included in a dependency of the package\n",
   "affected": [
     {
       "package": {
@@ -47,11 +47,11 @@
     },
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "af8d2f3dec668a16adf691aa26e16be82e62c2cdf993da1f4ff4afaceac30e92",
-        "import_time": "2026-03-23T14:52:56.133889791Z",
         "id": "pypi/2026-03-geekennedy/gcpipwrap",
+        "import_time": "2026-03-23T14:52:56.133889791Z",
         "modified_time": "2026-03-20T15:31:01.824679Z",
+        "sha256": "af8d2f3dec668a16adf691aa26e16be82e62c2cdf993da1f4ff4afaceac30e92",
+        "source": "kam193",
         "versions": [
           "0.1.2",
           "0.1.3",

…ap/MAL-0000-kam193-af8d2f3dec668a16.json …icious/pypi/gcpipwrap/MAL-2026-2113.jsonosv/malicious/pypi/gcpipwrap/MAL-0000-kam193-af8d2f3dec668a16.json renamed to osv/malicious/pypi/gcpipwrap/MAL-2026-2113.json osv/malicious/pypi/gcpipwrap/MAL-0000-kam193-af8d2f3dec668a16.json renamed to osv/malicious/pypi/gcpipwrap/MAL-2026-2113.json

@@ -2,9 +2,9 @@
   "modified": "2026-03-20T15:31:24Z",
   "published": "2026-03-20T15:31:24Z",
   "schema_version": "1.7.4",
-  "id": "",
+  "id": "MAL-2026-2114",
   "summary": "Malicious code in indpack (PyPI)",
-  "details": "These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious action between dependencies and are not malicious alone, but are used together to: exfiltrate information through DNS, collect information about the processes and covering tracks by installing packages from local private repositories.\n\nPackage nspack additionally notifies upon importing a domain known for malicious activity with the package and hostname.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-geekennedy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (85f1ca1d5abdcf2139039fc5e8a08068a8c2cacca8a31fed38fbde74f7b8c04d)\nThese packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious action between dependencies and are not malicious alone, but are used together to: exfiltrate information through DNS, collect information about the processes and covering tracks by installing packages from local private repositories.\n\nPackage nspack additionally notifies upon importing a domain known for malicious activity with the package and hostname.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-geekennedy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The malicious code is intentionally included in a dependency of the package\n",
   "affected": [
     {
       "package": {
@@ -41,11 +41,11 @@
     },
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "85f1ca1d5abdcf2139039fc5e8a08068a8c2cacca8a31fed38fbde74f7b8c04d",
-        "import_time": "2026-03-23T14:52:56.134454113Z",
         "id": "pypi/2026-03-geekennedy/indpack",
+        "import_time": "2026-03-23T14:52:56.134454113Z",
         "modified_time": "2026-03-20T15:31:24.031125Z",
+        "sha256": "85f1ca1d5abdcf2139039fc5e8a08068a8c2cacca8a31fed38fbde74f7b8c04d",
+        "source": "kam193",
         "versions": [
           "0.1.0"
         ]

…ck/MAL-0000-kam193-85f1ca1d5abdcf21.json …alicious/pypi/indpack/MAL-2026-2114.jsonosv/malicious/pypi/indpack/MAL-0000-kam193-85f1ca1d5abdcf21.json renamed to osv/malicious/pypi/indpack/MAL-2026-2114.json osv/malicious/pypi/indpack/MAL-0000-kam193-85f1ca1d5abdcf21.json renamed to osv/malicious/pypi/indpack/MAL-2026-2114.json

@@ -1,5 +1,5 @@
 {
-  "modified": "2026-03-23T14:03:21Z",
+  "modified": "2026-03-23T14:54:39Z",
   "published": "2026-03-23T14:03:21Z",
   "schema_version": "1.7.4",
   "id": "MAL-2026-2108",
@@ -50,11 +50,21 @@
     },
     "malicious-packages-origins": [
       {
-        "id": "pypi/2026-02-urllib-slim/modelconftranslator",
+        "source": "kam193",
+        "sha256": "6f61fcbf30122cbf577490fab3968c6b41f95d4d23f6916a7211066bd735ff6e",
         "import_time": "2026-03-23T14:29:23.859056307Z",
+        "id": "pypi/2026-02-urllib-slim/modelconftranslator",
         "modified_time": "2026-03-23T14:03:21.631203Z",
-        "sha256": "6f61fcbf30122cbf577490fab3968c6b41f95d4d23f6916a7211066bd735ff6e",
+        "versions": [
+          "8.13.4"
+        ]
+      },
+      {
         "source": "kam193",
+        "sha256": "3e044e5a77e116a3c892a4190bf3671c28005c9687da613b83969372b7fe02f2",
+        "import_time": "2026-03-23T14:52:56.135175112Z",
+        "id": "pypi/2026-02-urllib-slim/modelconftranslator",
+        "modified_time": "2026-03-23T14:03:21.631203Z",
         "versions": [
           "8.13.4"
         ]

osv/malicious/pypi/modelconftranslator/MAL-0000-kam193-3e044e5a77e116a3.json

@@ -2,9 +2,9 @@
   "modified": "2026-03-20T15:28:57Z",
   "published": "2026-03-20T15:28:57Z",
   "schema_version": "1.7.4",
-  "id": "",
+  "id": "MAL-2026-2115",
   "summary": "Malicious code in nspack (PyPI)",
-  "details": "These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious action between dependencies and are not malicious alone, but are used together to: exfiltrate information through DNS, collect information about the processes and covering tracks by installing packages from local private repositories.\n\nPackage nspack additionally notifies upon importing a domain known for malicious activity with the package and hostname.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-geekennedy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (7741f090145e1e4bbd7998edba9c8151bd5dd3380adaa430e8f05cb2c814396f)\nThese packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious action between dependencies and are not malicious alone, but are used together to: exfiltrate information through DNS, collect information about the processes and covering tracks by installing packages from local private repositories.\n\nPackage nspack additionally notifies upon importing a domain known for malicious activity with the package and hostname.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-geekennedy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The malicious code is intentionally included in a dependency of the package\n",
   "affected": [
     {
       "package": {
@@ -48,11 +48,11 @@
     },
     "malicious-packages-origins": [
       {
-        "source": "kam193",
-        "sha256": "7741f090145e1e4bbd7998edba9c8151bd5dd3380adaa430e8f05cb2c814396f",
-        "import_time": "2026-03-23T14:52:56.135771589Z",
         "id": "pypi/2026-03-geekennedy/nspack",
+        "import_time": "2026-03-23T14:52:56.135771589Z",
         "modified_time": "2026-03-20T15:28:57.429852Z",
+        "sha256": "7741f090145e1e4bbd7998edba9c8151bd5dd3380adaa430e8f05cb2c814396f",
+        "source": "kam193",
         "versions": [
           "0.1.0",
           "0.1.2",