VDB

GCVE-110-OSM-2026-683

GCVE-110-OSM-2026-683
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published March 22, 2026
Malicious Docker Hub image published by TeamPCP on March 22, 2026 (~16:00 UTC) as part of the Trivy supply-chain compromise. Built from the backdoored Trivy v0.69.4 binary containing a three-stage credential stealer and persistence dropper. Exfiltrates encrypted credential bundles to scan.aquasecurtiy.org and plug-tab-protective-relay.trycloudflare.com. Installs sysmon.py systemd persistence on non-CI systems polling ICP blockchain C2. === MALICIOUS CONTAINER IMAGE === Registry: Docker Hub (docker.io) Image: aquasec/trivy:v0.69.5 Published: ~16:00 UTC, March 22, 2026 Also distributed via: GHCR, ECR === EMBEDDED PAYLOAD === Contains backdoored Trivy binary with: - Memory scraping: /proc/[PID]/mem targeting Runner.Worker for {"value":"<secret>","isSecret":true} - Filesystem sweep: 50+ paths (SSH keys, AWS/GCP/Azure creds, K8s tokens, crypto wallets, GPG keys, Docker creds) - Encryption: AES-256-CBC + RSA-4096 hybrid - Exfil: POST to scan.aquasecurtiy.org and plug-tab-protective-relay.trycloudflare.com (tpcp.tar.gz) - Fallback: Creates tpcp-docs GitHub repo via GITHUB_TOKEN === PERSISTENCE (non-CI) === Dropper: ~/.config/systemd/user/sysmon.py C2: https://tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io/ Polling: Every 50 minutes Kill switch: aborts if response contains "youtube"

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowndarkigall (affected)
unknownv0.69.5 (affected)

References

advisory
vendor
vendor

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›