Spectra Assure
Community
Docs

Reothor.Lab.EvilPackagev200.0.0

latest
removed
malicious
Research
Copy SHA256
License: Permissive (Apache-2.0)
NuGet
Homepage
Published: over 1 year ago
Demonstrates a supply chain attack using dependency confusion. Do not install this package in any production projects.
Fail
Incident: Malware
3 supply chain attack artifacts
Incidents
Type: malwareReported By: ReversingLabs (Researcher) Reported: over 1 year ago
Learn more about malware detection
Type: removalReported By: Community

SAFE Assessment

Compliance

Licenses
No license compliance issues
Secrets
No sensitive information found

Security

Vulnerabilities
No known vulnerabilities detected
Hardening
No application hardening issues

Threats

Tampering
1 components prone to hijacking
Malware
3 supply chain attack artifacts

Issues

See all issues
high
Detected presence of software components that were removed from the public package repository.
hunting
high
Detected presence of malicious files through analyst-vetted file reputation.
threats
high
Detected presence of known software supply chain attack artifacts.
threats
medium
Detected presence of software components that are rarely included by other public software packages.
hunting
low
Detected digital signatures that have not been performed with an extended validation certificate.
signatures

Behaviors

See all behaviors
Contains URLs that link to interesting file formats.
network
Contains URLs.
network
Contains patterns identifying the constants related to the SHA-256 hash function, from the SHA-2 hash family.
signature

Vulnerabilities

critical0
high0
medium0
low0

Downloads

N/A
Total Downloads

Contributions

1
Contributor

Dependencies

0
Declared Dependencies

Dependents

0
Dependents