VDB
GCVE-110-OSM-2026-6669
GCVE-110-OSM-2026-6669
Advisory PublishedCVSS 8.8/10
Malicious package detected. Behaviors: data exfiltration, code execution, network activity.
ENTRY
dist/index.cjs (main: ./dist/index.cjs)
PERSISTENCE
- Startup Persistence in dist/index.cjs: ".bashrc"
- Startup Persistence in dist/index.js: ".bashrc"
DESTINATION
- custom-c2: http://2.27.62.51:8080/api/health (primary, plaintext) in dist/index.cjs
- custom-c2: http://2.27.62.51:8081/api/health (plaintext) in dist/index.cjs
- custom-c2: 2.27.62.51 (plaintext) in dist/index.cjs
- bitcoinAddresses: bc1qjft978uykglsh0adcyx6xhkes56vqzs3fual3l (exfil, plaintext)
- ethereumAddresses: 0xd63eD44065eDb1e2ad2519B011c06412dA7B7c5B (exfil, plaintext)
EXFIL
- System Information Exfiltration in dist/index.cjs: "JSON.stringify({ ...data, hostname: globalThis.process?.env?.HOSTNAME || 'unknow..."
- System Information Exfiltration in dist/index.js: "JSON.stringify({ ...data, hostname: globalThis.process?.env?.HOSTNAME || 'unknow..."
- Suspicious Domain in dist/index.cjs: "http://2.27.62.51"
- Suspicious Domain in dist/index.js: "http://2.27.62.51"
ADDITIONAL FINDINGS
- Shell Command Execution in dist/index.cjs: "require('child_process')"
- Platform Detection with Data Collection in dist/index.cjs: "JSON.stringify({ ...data, hostname: globalThis.process?.env?.HOSTNAME || 'unknow..."
PAYLOAD FILES
dist/index.cjs (+ dist/index.js)
INDICATORS (IOCs)
- payloadFileHash: 0883f67f12ef0c2b1da1e11a4d31a08fdaedc5c7de0db2fb98cb6f7e5efd3224
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | base58-core | 1.0.1 (affected) | — |
Aliases
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.