muaddib-scanner 2.10.5 → 2.10.7

package/README.md

@@ -30,7 +30,7 @@
 
 npm and PyPI supply-chain attacks are exploding. Shai-Hulud compromised 25K+ repos in 2025. Existing tools detect threats but don't help you respond.
 
-MUAD'DIB combines **14 parallel scanners** (158 detection rules), a **deobfuscation engine**, **inter-module dataflow analysis**, **compound scoring**, and Docker sandbox to detect known threats and suspicious behavioral patterns in npm and PyPI packages.
+MUAD'DIB combines **14 parallel scanners** (162 detection rules), a **deobfuscation engine**, **inter-module dataflow analysis**, **compound scoring**, **ML classifiers** (XGBoost), and Docker sandbox to detect known threats and suspicious behavioral patterns in npm and PyPI packages.
 
 ---
 
@@ -136,7 +136,7 @@ Ultra-strict detection with lower tolerance. Detects any network access, subproc
 muaddib scan . --webhook "https://discord.com/api/webhooks/..."
 ```
 
-Strict filtering (v2.1.2): alerts only for IOC matches, sandbox-confirmed threats, or canary token exfiltration.
+Strict filtering (v2.1.2): alerts only for IOC matches, sandbox-confirmed threats, or canary token exfiltration. Priority triage (v2.10.5): P1 (red, IOC/sandbox/canary), P2 (orange, high-score/compounds), P3 (yellow, rest).
 
 ### Behavioral anomaly detection (v2.0)
 
@@ -195,9 +195,9 @@ muaddib replay                     # Ground truth validation (46/49 TPR)
 | GitHub Actions | Shai-Hulud backdoor detection |
 | Hash Scanner | Known malicious file hashes |
 
-### 158 detection rules
+### 162 detection rules
 
-All rules are mapped to MITRE ATT&CK techniques. See [SECURITY.md](SECURITY.md#detection-rules-v2101) for the complete rules reference.
+All rules are mapped to MITRE ATT&CK techniques. See [SECURITY.md](SECURITY.md#detection-rules-v2105) for the complete rules reference.
 
 ### Detected campaigns
 
@@ -282,13 +282,13 @@ repos:
 
 | Metric | Result | Details |
 |--------|--------|---------|
-| **Wild TPR** (Datadog 17K) | **92.5%** (13,486/14,587 in-scope) | 17,922 packages. 3,335 skipped (no JS). By category: compromised_lib 97.8%, malicious_intent 92.1% |
+| **Wild TPR** (Datadog 17K) | **92.8%** (13,538/14,587 in-scope) | 17,922 packages. 3,335 skipped (no JS). By category: compromised_lib 97.8%, malicious_intent 92.1% |
 | **TPR** (Ground Truth) | **93.9%** (46/49) | 51 real attacks. 3 out-of-scope: browser-only |
-| **FPR** (Benign curated) | **10.8%** (57/529) | 529 npm packages, real source via `npm pack` |
+| **FPR** (Benign curated) | **11.0%** (58/529) | 529 npm packages, real source via `npm pack` |
 | **FPR** (Benign random) | **7.5%** (15/200) | 200 random npm packages, stratified sampling |
 | **ADR** (Adversarial + Holdout) | **96.3%** (103/107) | 67 adversarial + 40 holdout (107 available on disk), global threshold=20 |
 
-**2533 tests** across 56 files. **158 rules** (153 RULES + 5 PARANOID).
+**2643 tests** across 57 files. **162 rules** (157 RULES + 5 PARANOID).
 
 > **Methodology caveats:**
 > - TPR measured on 49 Node.js attack samples (3 browser-only excluded from 51 total)
@@ -329,11 +329,11 @@ npm test
 
 ### Testing
 
-- **2533 tests** across 56 modular test files
+- **2643 tests** across 57 modular test files
 - **56 fuzz tests** - Malformed inputs, ReDoS, unicode, binary
-- **Datadog 17K benchmark** - 17,922 real malware samples
+- **Datadog 17K benchmark** - 14,587 confirmed malware samples (in-scope)
 - **Ground truth validation** - 51 real-world attacks (93.9% TPR)
-- **False positive validation** - 10.8% FPR on 529 curated npm packages, 7.5% on 200 random
+- **False positive validation** - 11.0% FPR on 529 curated npm packages, 7.5% on 200 random
 
 ---
 
@@ -351,7 +351,7 @@ npm test
 - [Evaluation Methodology](docs/EVALUATION_METHODOLOGY.md) - Experimental protocol, holdout scores
 - [Threat Model](docs/threat-model.md) - What MUAD'DIB detects and doesn't detect
 - [Adversarial Evaluation](ADVERSARIAL.md) - Red team samples and ADR results
-- [Security Policy](SECURITY.md) - Detection rules reference (158 rules)
+- [Security Policy](SECURITY.md) - Detection rules reference (162 rules)
 - [Security Audit](docs/SECURITY_AUDIT.md) - Bypass validation report
 - [FP Analysis](docs/EVALUATION.md) - Historical false positive analysis
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.10.5",
+  "version": "2.10.7",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/response/playbooks.js

@@ -183,6 +183,11 @@ const PLAYBOOKS = {
   sh_c_curl_exec:
     'sh -c wrapping autour de curl detecte. Technique d\'evasion pour masquer l\'execution de commandes distantes. Analyser le contenu telecharge.',
 
+  python_time_delay_exec:
+    'ELEVE: Execution Python avec delai time.sleep() important detectee. ' +
+    'Technique d\'evasion sandbox (T1497.003) : le malware attend l\'expiration du timeout sandbox avant d\'executer le payload. ' +
+    'Verifier le code Python execute et les connexions reseau post-delai.',
+
   shai_hulud_backdoor:
     'CRITIQUE: Backdoor Shai-Hulud dans GitHub Actions. Supprimer le workflow et auditer les runs precedents.',
 

package/src/rules/index.js

@@ -1519,6 +1519,15 @@ const RULES = {
     references: ['https://attack.mitre.org/techniques/T1059/004/'],
     mitre: 'T1059.004'
   },
+  python_time_delay_exec: {
+    id: 'MUADDIB-SHELL-019',
+    name: 'Python Time Delay Execution',
+    severity: 'HIGH',
+    confidence: 0.80,
+    description: 'Execution Python avec delai time.sleep() >= 100s via child process. Technique d\'evasion sandbox (T1497.003) : le malware attend que la sandbox expire avant d\'executer le payload.',
+    references: ['https://attack.mitre.org/techniques/T1497/003/'],
+    mitre: 'T1497.003'
+  },
 
   // Intent Graph rules (v2.6.0)
   detached_credential_exfil: {

package/src/sandbox/index.js

@@ -186,8 +186,21 @@ async function runSingleSandbox(packageName, options = {}) {
       dockerArgs.push('-e', `CANARY_GITCONFIG=${createCanaryGitconfig().replace(/\r?\n/g, '\\n')}`);
     }
 
-    // Inject time offset (preload.js deferred to entry point in sandbox-runner.sh)
-    dockerArgs.push('-e', `NODE_TIMING_OFFSET=${timeOffset}`);
+    // Inject time offset — libfaketime-aware (v2.10.7)
+    // Run 1 (offset=0): no libfaketime, preload.js handles JS-level only
+    // Runs 2+ (offset>0): libfaketime handles C-level time shift for ALL processes
+    //   (Node, Python, bash), preload.js TIME_OFFSET=0 to avoid double acceleration
+    const useFaketime = timeOffset > 0;
+    dockerArgs.push('-e', `NODE_TIMING_OFFSET=${useFaketime ? 0 : timeOffset}`);
+
+    if (useFaketime) {
+      const hours = Math.floor(timeOffset / 3600000);
+      const faketimeStr = hours >= 24
+        ? `+${Math.floor(hours / 24)}d x1000`
+        : `+${hours}h x1000`;
+      dockerArgs.push('-e', `MUADDIB_FAKETIME=${faketimeStr}`);
+      dockerArgs.push('-e', 'MUADDIB_FAKETIME_ACTIVE=1');
+    }
 
     // Both modes need NET_RAW for tcpdump (runs as root in entrypoint).
     // Strict mode also needs NET_ADMIN for iptables network blocking.

package/src/scanner/ast-detectors.js

@@ -1929,7 +1929,7 @@ function handleCallExpression(node, ctx) {
       }
     }
 
-    // Module._load() — internal module loader bypass (ANSSI audit v2)
+    // Module._load() — internal module loader bypass (security audit v2)
     if (propName === '_load') {
       const calleeObj = node.callee.object;
       const isModuleIdentifier = calleeObj.type === 'Identifier' &&

package/src/scanner/shell.js

@@ -26,7 +26,9 @@ const MALICIOUS_PATTERNS = [
   { pattern: /eval\s+.*\$\(curl/m, name: 'eval_curl_subshell', severity: 'CRITICAL' },
   { pattern: /sh\s+-c\s+['"].*curl/m, name: 'sh_c_curl_exec', severity: 'HIGH' },
   // Bun runtime evasion (v2.8.9 — Shai-Hulud 2.0)
-  { pattern: /\bbun\s+run\b/m, name: 'bun_runtime_evasion', severity: 'HIGH' }
+  { pattern: /\bbun\s+run\b/m, name: 'bun_runtime_evasion', severity: 'HIGH' },
+  // Python time.sleep sandbox evasion (v2.10.7 — CanisterWorm T1497.003)
+  { pattern: /python[23]?\s+-c\s*['"].*time\.sleep\s*\(\s*[1-9]\d{2,}/m, name: 'python_time_delay_exec', severity: 'HIGH' }
 ];
 
 const SHEBANG_RE = /^#!.*\b(?:ba)?sh\b/;