hulud-party-scanner 1.0.6 → 1.0.8

@@ -0,0 +1,7 @@
1
+ # Patterns indicating environment variable access
2
+ process\.env
3
+ os\.environ
4
+ getenv
5
+ AWS_ACCESS_KEY
6
+ GITHUB_TOKEN
7
+ NPM_TOKEN
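Review bot: `process\.env`, `os\.environ` and `getenv` occur in most Node and Python code, and `GITHUB_TOKEN` / `NPM_TOKEN` appear in ordinary CI configuration, so a hit on this list alone says little about compromise. The header comment should say so and tell the consumer how to weight it, for example `# Low-confidence indicators: report only alongside a hit from the exfiltration, command, filename or hash lists`. How scan.js combines the lists is not visible in this diff, so this may already be handled there.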
@@ -0,0 +1,4 @@
1
+ # Patterns indicating data exfiltration
2
+ webhook.site
3
+ bb8ca5f6-4175-45d2-b042-fc9ebb8170b7
4
+ exfiltrat
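Review bot: `webhook.site` is written with a bare dot while the environment-variable list escapes its dots (`process\.env`), so the two files disagree on whether a line is a regular expression or a fixed string. Read as a regex, `webhook.site` also matches unrelated strings such as `webhookXsite`; read as a fixed string, `process\.env` never matches real code. The same question applies to `bun.sh/install` and `"%USERPROFILE%\*"` in the command list. State the format in each header, e.g. `# One regular expression per line; escape literal dots`, and write `webhook\.site` if that is the format (the loader is not part of this diff).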
@@ -0,0 +1,6 @@
1
+ # Command patterns used by the malware
2
+ # Catches both curl and powershell variants
3
+ bun.sh/install
4
+ del /F /Q /S "%USERPROFILE%\*"
5
+ shred -uvz -n 1
6
+ cipher /W:%USERPROFILE%
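Review bot: `bun.sh/install` is the path of Bun's official installer, so this line matches any legitimate setup script or CI job that installs Bun, not only the malware; the comment `# Catches both curl and powershell variants` should say that and mark the line as needing corroboration from another list. The three wipe commands are matched with exact flag order and spacing (`shred -uvz -n 1`), so a hit is a strong signal but a miss proves little. Because these strings ship inside the package, a scan that walks `node_modules` will presumably flag the scanner's own pattern files unless its install directory is excluded; the directory walker is not visible here.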
@@ -0,0 +1,5 @@
1
+ # Filenames associated with the attack
2
+ bun_environment.js
3
+ setup_bun.js
4
+ trufflehog
5
+ trufflehog.exe
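Review bot: `trufflehog` and `trufflehog.exe` name a legitimate secret-scanning tool that security teams install deliberately, so a filename match alone will flag clean machines. Unlike `bun_environment.js` and `setup_bun.js`, these two entries need context before they are reported, such as where the binary was found or a matching digest from the hash list. A comment above them would record that: `# trufflehog is a legitimate tool; report only with corroborating evidence`. If matching is by substring, `trufflehog.exe` is already covered by `trufflehog`.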
@@ -0,0 +1,10 @@
1
+ # SHA256 hashes of known malicious files
2
+ 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09
3
+ de0e25a3e6c1e1e5998b306b7141b3dc4c0088da9d7bb47c1c00c91e6e4f85d6
4
+ 81d2a004a1bca6ef87a1caf7d0e0b355ad1764238e40ff6d1b1cb77ad4f595c3
5
+ 83a650ce44b2a9854802a7fb4c202877815274c129af49e6c2d1d5d5d55c501e
6
+ 4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db
7
+ dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c
8
+ b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777
9
+ 86532ed94c5804e1ca32fa67257e1bb9de628e3e48a1f56e67042dc055effb5b
10
+ aba1fcbd15c6ba6d9b96e34cec287660fff4a31632bf76f2a766c499f55ca1ee
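Review bot: None of the nine digests says which file or package version it identifies or where it was published, so the list cannot be audited or pruned later. Add a comment line above each digest (or group of digests) in the form `# <file name>, <advisory or report it came from>`; trailing inline comments would depend on the loader, which is not shown. The header could also state that digests are compared as lowercase hex and that a hash list only catches byte-identical samples, so a clean result from this file alone does not clear a host.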
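--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "hulud-party-scanner",
- "version": "1.0.6",
+ "version": "1.0.8",
  "bin": {
  "hulud-party-scanner": "./scan.js"
  },
@@ -11,5 +11,8 @@
  },
  "author": "miguel.sngular",
  "license": "ISC",
- "repository": "https://github.com/migohe14/hulud-scanner"
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/migohe14/hulud-scanner.git"
+ }
  }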