Skip to content
/ red-lili Public

This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

red-lili.info
11 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Checkmarx/red-lili

BranchesTags

Repository files navigation

illustration

RED-LILI is a software supply chain threat actor which has published over 1500 malicious packages. As Checkmarx uncovered, this attacker has demonstrated new techniques that power him with automated NPM account creation.

This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

Visit https://red-lili.info

Sample files

The original package evidence sample files as they were originally published to NPM included with related metadata are available in the ./samples directory. Make sure to read the README.md file before usage.

About

This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

red-lili.info

Topics

npm malicious-packages supply-chain-security red-lili

Resources

Readme
Activity
Custom properties

Stars

11 stars

Watchers

5 watching

Forks

4 forks
Report repository

Contributors 5

Languages