Ingest OSV - Cloud Storage

github-actions · github-actions · commit ff4f580b8b8f · 2026-03-22T23:10:55.000Z
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
@@ -1,11 +1,11 @@
 amazon-inspector:
     IN-MAL-: IN-MAL-2026-000461.json
 kam193:
-    pypi/packages/malicious/osv/: 9e3a2a5b085a3cac6a1e2c878da256e2ae8ee20f
+    pypi/packages/malicious/osv/: bb41a4f73ad0342574c255a4f4509acf5176e023
     pypi/packages/pentest/osv/: 0d65fa30569acb74a4cd2f6968297f9cf794b510
     pypi/packages/probably_pentest/osv/: d85355ff7c5f46aa548621c0248747e10eee650a
 ossf-package-analysis:
-    confident/: confident/20260321/225755-npm-@modals/layout-99999.0.1.json
+    confident/: confident/20260322/072042-npm-remitly-blog-99999.0.0.json
 reversing-labs:
     RLMA-: RLMA-2026-01666.json
     RLUA-: RLUA-2026-01611.json
diff --git a/osv/malicious/npm/@thiagoemmanuell/unhandledrejection/MAL-0000-ossf-package-analysis-5ac41fed5a1a3457.json b/osv/malicious/npm/@thiagoemmanuell/unhandledrejection/MAL-0000-ossf-package-analysis-5ac41fed5a1a3457.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-22T19:19:54Z",
+  "published": "2026-03-22T19:19:54Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in @thiagoemmanuell/unhandledrejection (npm)",
+  "details": "The OpenSSF Package Analysis project identified '@thiagoemmanuell/unhandledrejection' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@thiagoemmanuell/unhandledrejection"
+      },
+      "versions": [
+        "1.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "5ac41fed5a1a3457deca490f1b90216ef63d1263f041fcee111c14eddb777efd",
+        "import_time": "2026-03-22T23:10:11.31130859Z",
+        "modified_time": "2026-03-22T19:19:54Z",
+        "versions": [
+          "1.0.0"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/npm/cms-catalogue/MAL-0000-ossf-package-analysis-e2b6e877ee3e0be9.json b/osv/malicious/npm/cms-catalogue/MAL-0000-ossf-package-analysis-e2b6e877ee3e0be9.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T10:40:18Z",
+  "published": "2026-03-21T10:40:18Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in cms-catalogue (npm)",
+  "details": "The OpenSSF Package Analysis project identified 'cms-catalogue' @ 99.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "cms-catalogue"
+      },
+      "versions": [
+        "99.0.1"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "e2b6e877ee3e0be9b6fa0c5ca347f01ce90381e62e9c5ad293879cb0173b6742",
+        "import_time": "2026-03-22T23:10:11.028567254Z",
+        "modified_time": "2026-03-21T10:40:18Z",
+        "versions": [
+          "99.0.1"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/npm/native_dep/MAL-0000-ossf-package-analysis-62fe85371a2100e5.json b/osv/malicious/npm/native_dep/MAL-0000-ossf-package-analysis-62fe85371a2100e5.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-20T09:46:03Z",
+  "published": "2026-03-20T09:46:03Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in native_dep (npm)",
+  "details": "The OpenSSF Package Analysis project identified 'native_dep' @ 2.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "native_dep"
+      },
+      "versions": [
+        "2.0.2"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "62fe85371a2100e5ef011320b6359b52313ad88ec2d96d7ad1eed181d13143ec",
+        "import_time": "2026-03-22T23:10:10.928572666Z",
+        "modified_time": "2026-03-20T09:46:03Z",
+        "versions": [
+          "2.0.2"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/npm/unhandledrejection1/MAL-0000-ossf-package-analysis-77e22c910e188d93.json b/osv/malicious/npm/unhandledrejection1/MAL-0000-ossf-package-analysis-77e22c910e188d93.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-22T19:55:35Z",
+  "published": "2026-03-22T19:55:35Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in unhandledrejection1 (npm)",
+  "details": "The OpenSSF Package Analysis project identified 'unhandledrejection1' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "unhandledrejection1"
+      },
+      "versions": [
+        "1.0.2"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "77e22c910e188d936e242af099f6bf026ceace104d9c1da3e772ba7faad05595",
+        "import_time": "2026-03-22T23:10:11.409338138Z",
+        "modified_time": "2026-03-22T19:55:35Z",
+        "versions": [
+          "1.0.2"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/pypi/thisismytest/MAL-0000-ossf-package-analysis-19f3b6e447fea825.json b/osv/malicious/pypi/thisismytest/MAL-0000-ossf-package-analysis-19f3b6e447fea825.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T18:24:07Z",
+  "published": "2026-03-21T18:24:07Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in thisismytest (PyPI)",
+  "details": "The OpenSSF Package Analysis project identified 'thisismytest' @ 4.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "thisismytest"
+      },
+      "versions": [
+        "4.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "19f3b6e447fea825bca111985cb5f707015439b58f5d4982bb33b91a8f37a1c0",
+        "import_time": "2026-03-22T23:10:11.119892579Z",
+        "modified_time": "2026-03-21T18:24:07Z",
+        "versions": [
+          "4.0.0"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/pypi/thisismytest/MAL-0000-ossf-package-analysis-421d783dd1f7d99f.json b/osv/malicious/pypi/thisismytest/MAL-0000-ossf-package-analysis-421d783dd1f7d99f.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T18:25:55Z",
+  "published": "2026-03-21T18:25:55Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in thisismytest (PyPI)",
+  "details": "The OpenSSF Package Analysis project identified 'thisismytest' @ 5.0.0 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "thisismytest"
+      },
+      "versions": [
+        "5.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "421d783dd1f7d99fd582b5a07e9f691a9c568faa36be4595a167fc98a6c3334e",
+        "import_time": "2026-03-22T23:10:11.212004356Z",
+        "modified_time": "2026-03-21T18:25:55Z",
+        "versions": [
+          "5.0.0"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/pypi/utf-cleaner/MAL-0000-kam193-8382837e2b442062.json b/osv/malicious/pypi/utf-cleaner/MAL-0000-kam193-8382837e2b442062.json
@@ -0,0 +1,71 @@
+{
+  "modified": "2026-03-22T22:57:59Z",
+  "published": "2026-03-22T22:57:59Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in utf-cleaner (PyPI)",
+  "details": "During import, the package silently downloads and executes remote code. This code starts a web server in the separate process and listens for commands to execute from a C2 server, as well as periodically sends a beacon to C2 allowing discovery and finishing execution.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-old-utf-cleaner\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote malicious script.\n\n\n - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.\n\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "utf-cleaner"
+      },
+      "versions": [
+        "3.3.7",
+        "3.3.8",
+        "3.3.9",
+        "3.4.0",
+        "3.4.1",
+        "3.4.2"
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/xcummins/gits/blob/main/gits/__init__.py#L24-L32"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bad-packages.kam193.eu/pypi/package/utf-cleaner"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Kamil Mańkowski (kam193)",
+      "type": "REPORTER",
+      "contact": [
+        "https://github.com/kam193",
+        "https://bad-packages.kam193.eu/"
+      ]
+    }
+  ],
+  "database_specific": {
+    "iocs": {
+      "ips": [
+        "90.156.226.65"
+      ],
+      "urls": [
+        "https://github.com/xcummins/gits"
+      ]
+    },
+    "malicious-packages-origins": [
+      {
+        "source": "kam193",
+        "sha256": "8382837e2b4420621b1ac738092bf8d584dde848e0f8cd6bbf73b0fbc6f74fcb",
+        "import_time": "2026-03-22T23:10:44.29819505Z",
+        "id": "pypi/2026-03-old-utf-cleaner/utf-cleaner",
+        "modified_time": "2026-03-22T22:57:59.555318Z",
+        "versions": [
+          "3.3.7",
+          "3.3.8",
+          "3.3.9",
+          "3.4.0",
+          "3.4.1",
+          "3.4.2"
+        ]
+      }
+    ]
+  }
+}
