Ingest OSV - Cloud Storage

github-actions · github-actions · commit efad9c3a8ba5 · 2026-03-21T23:09:48.000Z
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
@@ -1,11 +1,11 @@
 amazon-inspector:
     IN-MAL-: IN-MAL-2026-000461.json
 kam193:
-    pypi/packages/malicious/osv/: 22c5b6b33f222fe5bb87777473653b6bc4e66233
+    pypi/packages/malicious/osv/: 7abc59ef1080f09c33e50ed19e56c059b6f4e6c7
     pypi/packages/pentest/osv/: 0d65fa30569acb74a4cd2f6968297f9cf794b510
     pypi/packages/probably_pentest/osv/: d85355ff7c5f46aa548621c0248747e10eee650a
 ossf-package-analysis:
-    confident/: confident/20260321/101817-npm-nintendoamerica-ncom-99.0.19.json
+    confident/: confident/20260321/111943-npm-uipathisfun-1.0.24.json
 reversing-labs:
     RLMA-: RLMA-2026-01666.json
     RLUA-: RLUA-2026-01611.json
diff --git a/osv/malicious/npm/@modals/blockchain/MAL-0000-ossf-package-analysis-21323c6073b08f12.json b/osv/malicious/npm/@modals/blockchain/MAL-0000-ossf-package-analysis-21323c6073b08f12.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T22:57:53Z",
+  "published": "2026-03-21T22:57:53Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in @modals/blockchain (npm)",
+  "details": "The OpenSSF Package Analysis project identified '@modals/blockchain' @ 99999.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@modals/blockchain"
+      },
+      "versions": [
+        "99999.0.1"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "21323c6073b08f12b7cdd4f39bddd6eddde6bcde93041da8b41df45b79ae89e1",
+        "import_time": "2026-03-21T23:09:18.378834745Z",
+        "modified_time": "2026-03-21T22:57:53Z",
+        "versions": [
+          "99999.0.1"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/npm/@modals/blockchain/MAL-0000-ossf-package-analysis-22bfdc93e5d10d89.json b/osv/malicious/npm/@modals/blockchain/MAL-0000-ossf-package-analysis-22bfdc93e5d10d89.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T22:54:09Z",
+  "published": "2026-03-21T22:54:09Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in @modals/blockchain (npm)",
+  "details": "The OpenSSF Package Analysis project identified '@modals/blockchain' @ 99999.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@modals/blockchain"
+      },
+      "versions": [
+        "99999.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "22bfdc93e5d10d896a7e0dde6d162c209e246f0bfe3c550a0a5e1185b46eeb89",
+        "import_time": "2026-03-21T23:09:18.315436975Z",
+        "modified_time": "2026-03-21T22:54:09Z",
+        "versions": [
+          "99999.0.0"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/npm/@modals/layout/MAL-0000-ossf-package-analysis-423ea5070da3529e.json b/osv/malicious/npm/@modals/layout/MAL-0000-ossf-package-analysis-423ea5070da3529e.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T22:54:07Z",
+  "published": "2026-03-21T22:54:07Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in @modals/layout (npm)",
+  "details": "The OpenSSF Package Analysis project identified '@modals/layout' @ 99999.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@modals/layout"
+      },
+      "versions": [
+        "99999.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "423ea5070da3529e74e772e47cd0109f3dfc4a483645bfd0537e9007bd9ec60d",
+        "import_time": "2026-03-21T23:09:18.220892275Z",
+        "modified_time": "2026-03-21T22:54:07Z",
+        "versions": [
+          "99999.0.0"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/npm/@modals/layout/MAL-0000-ossf-package-analysis-96441eae186edd4e.json b/osv/malicious/npm/@modals/layout/MAL-0000-ossf-package-analysis-96441eae186edd4e.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T22:57:55Z",
+  "published": "2026-03-21T22:57:55Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in @modals/layout (npm)",
+  "details": "The OpenSSF Package Analysis project identified '@modals/layout' @ 99999.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@modals/layout"
+      },
+      "versions": [
+        "99999.0.1"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "96441eae186edd4ea411d23ed37960f469e9609f6ab9af1b6fd0d2ca3143d6c7",
+        "import_time": "2026-03-21T23:09:18.449475805Z",
+        "modified_time": "2026-03-21T22:57:55Z",
+        "versions": [
+          "99999.0.1"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/pypi/aiolrucache/MAL-0000-kam193-8b847ab6789b3a38.json b/osv/malicious/pypi/aiolrucache/MAL-0000-kam193-8b847ab6789b3a38.json
@@ -0,0 +1,55 @@
+{
+  "modified": "2026-03-21T22:53:52Z",
+  "published": "2026-03-21T22:53:52Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in aiolrucache (PyPI)",
+  "details": "The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files, executing remote code, taking screenshots, monitoring and exfiltrating the clipboard content. Malicious code is controlled via Discord.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-aiolrucache\n\n\nReasons (based on the campaign):\n\n\n - rat\n\n\n - spyware-like\n\n\n - keylogger\n\n\n - clipboard-stealing\n\n\n - obfuscation\n\n\n - files-exfiltration\n\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "aiolrucache"
+      },
+      "versions": [
+        "0.1.0",
+        "0.1.1",
+        "0.2.0",
+        "0.3.0"
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://bad-packages.kam193.eu/pypi/package/aiolrucache"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Kamil Mańkowski (kam193)",
+      "type": "REPORTER",
+      "contact": [
+        "https://github.com/kam193",
+        "https://bad-packages.kam193.eu/"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "kam193",
+        "sha256": "8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e",
+        "import_time": "2026-03-21T23:09:36.572115179Z",
+        "id": "pypi/2026-03-aiolrucache/aiolrucache",
+        "modified_time": "2026-03-21T22:53:52.472149Z",
+        "versions": [
+          "0.1.0",
+          "0.1.1",
+          "0.2.0",
+          "0.3.0"
+        ]
+      }
+    ]
+  }
+}
