Spectra Assure
Community
Docs

Reothor.Lab.EvilPackagev200.0.0

latest
malicious
Research
Copy SHA256
License: Permissive (Apache-2.0)
NuGet
Homepage
Published: about 1 year ago
Demonstrates a supply chain attack using dependency confusion. Do not install this package in any production projects.
Fail
Incident: Malware
3 supply chain attack artifacts
Incidents
Type: malwareReported By: ReversingLabs (Researcher) Reported: about 1 year ago
Learn more about malware detection

SAFE Assessment

Compliance

Licenses
No license compliance issues
Secrets
No sensitive information found

Security

Vulnerabilities
No known vulnerabilities detected
Hardening
No application hardening issues

Threats

Tampering
No evidence of software tampering
Malware
3 supply chain attack artifacts

Issues

See all issues
high
Detected presence of malicious files through analyst-vetted file reputation.
threats
high
Detected presence of known software supply chain attack artifacts.
threats
low
Detected digital signatures that have not been performed with an extended validation certificate.
signatures
low
Detected digital signatures that rely on a weak digest algorithm for integrity validation.
signatures

Behaviors

See all behaviors
Contains URLs that link to interesting file formats.
network
Contains URLs.
network
Contains patterns identifying the constants related to the SHA-256 hash function, from the SHA-2 hash family.
signature

Vulnerabilities

critical0
high0
medium0
low0

Downloads

N/A
Total Downloads

Maintenance

1
Contributor

Dependencies

0
Declared Dependencies

Dependents

0
Dependents

Issues per Version Graph

Scanned 10 days ago
OSZAR »