Mal-ecule
O₃(Eu₂S₂Dy₂)H₃(CmOsPo)Md(In)
Found in 1 archive
Well-known
- lib: fetch/XMLHttpRequest/http(s) require (flatted tamper fragment); component severity, 95% confident
- malware/backdoor: Regex component marker; component severity, 96% confident

Objectives
- exfiltration/dns: Long subdomain encoding pattern; suspicious severity, 75% confident
- supply-chain/recon-exfil: Tiny postinstall sidecar payload; suspicious severity, 88% confident
- discovery/system/fingerprint: Collects operating system platform; notable severity, 90% confident
- exfiltration/oob: Oastify OOB service; notable severity, 85% confident
- supply-chain/trojanized/app: Obfuscated dropper with exfiltration; notable severity, 97% confident
- anti-static/obfuscation/payload: HOST URL component identifier; component severity, 92% confident
- command-and-control/beacon/network: Command/result field word; component severity, 90% confident
- impact/wipe/disk: NODE_ENV environment variable; component severity, 100% confident
- supply-chain/trojanized/library: require https; component severity, 100% confident

Micro-behaviors
- communications/http/request: Node.js https.get; notable severity, 70% confident
- os/sysinfo: os.hostname() call; notable severity, 75% confident
- process/create/shell: Executes shell commands synchronously; notable severity, 100% confident
- os/env: Access environment variables; baseline severity, 80% confident
- os/sysinfo/platform: os.platform family call; baseline severity, 75% confident
- data/encode: toString method token; component severity, 100% confident

Metadata
- import: require('https') import; notable severity, 78% confident
- lang: Node.js shebang line; baseline severity, 100% confident
- lang/encoded: JavaScript file basename; baseline severity, 100% confident

20 of 32 traits shown
Identity
| SHA-256 | 7fc4ea8b86c27e4111b2dc03ad327de9dc80ee686f0443edc0171645f46f6bbb |
|---|---|
| Filename | package/postinstall.js |
Origin
| Source | harvest |
|---|---|
| Feed | osv.dev |
| Ecosystem | javascript |
Timeline
| First seen | 26 May 2026 12:17 UTC |
|---|---|
| First analyzed | 26 May 2026 12:17 UTC |
| Last analyzed | 26 May 2026 12:17 UTC |
| Last updated | 26 May 2026 12:17 UTC |
Labeling
| Label | bad |
|---|---|
| Label source | harvest |