{"response": [{"Event":{"id":"404125","orgc_id":"797","org_id":"797","date":"2026-04-30","threat_level_id":"1","info":"Supply Chain Attack: Malicious PyPI Package lightning 2.6.2/2.6.3 (Shai-Hulud / EveryBoiWeBuildIsAWormyBoi Campaign)","published":false,"uuid":"01011bd1-589b-51f4-9d0b-ba95b756cee8","attribute_count":"26","analysis":"1","timestamp":"1746057600","distribution":"3","proposal_email_lock":false,"locked":true,"publish_timestamp":"0","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"f47ac10b-58cc-4372-a567-0e02b2c3d479","protected":null,"event_creator_email":"p@cubessa.com","Org":{"id":"797","name":"Cubessa","uuid":"6e4e8708-672e-498f-8661-035d65ee91d2","local":true},"Orgc":{"id":"797","name":"Cubessa","uuid":"6e4e8708-672e-498f-8661-035d65ee91d2","local":true},"Attribute":[{"id":"68538998","type":"url","category":"External analysis","to_ids":false,"uuid":"a31d89fc-0a45-44a2-a420-73a12078e611","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Semgrep original disclosure blog post","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/","Galaxy":[],"ShadowAttribute":[]},{"id":"68538999","type":"url","category":"External analysis","to_ids":false,"uuid":"d9737b67-17fd-46c7-957b-95f5784e9f23","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Official Lightning-AI GitHub Security Advisory GHSA-w37p-236h-pfx3 - vendor confirmation of compromise, affected versions, and remediation guidance","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"https://github.com/Lightning-AI/pytorch-lightning/security/advisories/GHSA-w37p-236h-pfx3","Galaxy":[],"ShadowAttribute":[]},{"id":"68539000","type":"filename","category":"Payload delivery","to_ids":true,"uuid":"b8451c5f-8e32-473b-a476-07fe1243d0e2","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Malicious PyPI package - version 2.6.2 - confirmed affected by GHSA-w37p-236h-pfx3","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"lightning-2.6.2.tar.gz","Galaxy":[],"ShadowAttribute":[]},{"id":"68539001","type":"filename","category":"Payload delivery","to_ids":true,"uuid":"b1a7d5a4-db8f-4b5f-a565-ae464d31c08d","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Malicious PyPI package - version 2.6.3 - confirmed affected by GHSA-w37p-236h-pfx3","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"lightning-2.6.3.tar.gz","Galaxy":[],"ShadowAttribute":[]},{"id":"68539002","type":"filename","category":"Artifacts dropped","to_ids":true,"uuid":"4c2d5974-7e99-48a1-809b-9c215c1a7932","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Python loader within malicious package that initializes payload on import","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"_runtime/start.py","Galaxy":[],"ShadowAttribute":[]},{"id":"68539003","type":"filename","category":"Artifacts dropped","to_ids":true,"uuid":"324013a2-273b-4a7f-a317-d7737f198e8a","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Obfuscated JavaScript payload (~14.8 MB), executed via Bun runtime","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"_runtime/router_runtime.js","Galaxy":[],"ShadowAttribute":[]},{"id":"68539004","type":"filename","category":"Artifacts dropped","to_ids":true,"uuid":"b86dadd6-3233-4cb6-a6d6-1a3ad96f4e2b","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Malware copy injected into victim repositories","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":".claude/router_runtime.js","Galaxy":[],"ShadowAttribute":[]},{"id":"68539005","type":"filename","category":"Artifacts dropped","to_ids":true,"uuid":"e86c969a-0bc1-4a58-88ec-cfa2755829c2","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Claude Code hook config injected into victim repos - abuses SessionStart hook to execute malware on every Claude Code session open; the filename is common in legitimate repos, so match on the injected hook content rather than on file presence","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":".claude/settings.json","Galaxy":[],"ShadowAttribute":[]},{"id":"68539006","type":"filename","category":"Artifacts dropped","to_ids":true,"uuid":"8d657c9a-f0e1-41a8-80b8-c836f481b097","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Dropper injected into victim repositories via Claude Code hook","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":".claude/setup.mjs","Galaxy":[],"ShadowAttribute":[]},{"id":"68539007","type":"filename","category":"Artifacts dropped","to_ids":true,"uuid":"e4f50cc0-699c-409a-9444-c7bd2c3028c2","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"VS Code auto-run task injected into victim repos - executes malware on folderOpen event; the filename is ubiquitous in legitimate repos, so match on the injected auto-run task content rather than on file presence","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":".vscode/tasks.json","Galaxy":[],"ShadowAttribute":[]},{"id":"68539008","type":"filename","category":"Artifacts dropped","to_ids":true,"uuid":"57befc56-4559-41f2-8f0e-7066ec7c102f","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Dropper injected into victim repositories via VS Code task","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":".vscode/setup.mjs","Galaxy":[],"ShadowAttribute":[]},{"id":"68539009","type":"text","category":"Network activity","to_ids":false,"uuid":"45d1aab6-74fb-49c0-a4ea-82590f99b50b","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Primary exfiltration channel - domain obfuscated via encrypted strings in payload","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"HTTPS POST to attacker C2 server over port 443 with encrypted domain/path stored in payload","Galaxy":[],"ShadowAttribute":[]},{"id":"68539010","type":"text","category":"Network activity","to_ids":true,"uuid":"ce04eb82-01b5-4728-b268-2e03ef25e59f","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"GitHub commit search dead-drop C2 channel - malware polls for encoded tokens in commit messages","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"https://api.github.com/search/commits?q=EveryBoiWeBuildIsAWormyBoi","Galaxy":[],"ShadowAttribute":[]},{"id":"68539011","type":"text","category":"Network activity","to_ids":true,"uuid":"61f233cc-8392-44c1-9e73-eca12c3a24f3","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"AWS IMDSv2 metadata endpoint queried to steal instance credentials; this link-local address is also reached by legitimate AWS workloads, so detection should key on the requesting process (here the Bun runtime) rather than on the destination alone","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"http://169.254.169.254","Galaxy":[],"ShadowAttribute":[]},{"id":"68539012","type":"text","category":"Network activity","to_ids":true,"uuid":"31246aa4-cae4-4023-9008-54315d48c5e3","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"AWS ECS task metadata endpoint queried to steal credentials; legitimate ECS tasks also contact this address, so the same requesting-process caveat as for the IMDS entry applies","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"http://169.254.170.2","Galaxy":[],"ShadowAttribute":[]},{"id":"68539013","type":"text","category":"Payload delivery","to_ids":false,"uuid":"efdbeed2-4739-4668-857a-5dac31499712","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Bun JavaScript runtime silently downloaded by setup.mjs dropper if not present; supports Linux x64/arm64/musl, macOS x64/arm64, Windows x64/arm64","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"bun-v1.3.13","Galaxy":[],"ShadowAttribute":[]},{"id":"68539014","type":"text","category":"Internal reference","to_ids":true,"uuid":"febd8ce9-84ce-4956-9e71-a066db346f1b","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Dead-drop commit message format used by attacker to relay stolen tokens via GitHub commit search API","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"EveryBoiWeBuildIsAWormyBoi:<base64(base64(token))>","Galaxy":[],"ShadowAttribute":[]},{"id":"68539015","type":"text","category":"Internal reference","to_ids":false,"uuid":"0414fd60-f6e5-4a1e-b006-108b9b2b0f84","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Cover commit message used when pushing exfiltrated credentials to attacker-controlled repos","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"chore: update dependencies","Galaxy":[],"ShadowAttribute":[]},{"id":"68539016","type":"text","category":"Artifacts dropped","to_ids":true,"uuid":"d8b7667d-0ba0-4d7d-a807-fdae385789d7","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Malicious workflow pushed to victim repos if write-access token available; exfiltrates all repository secrets via ${{ toJSON(secrets) }} and uploads as artifact 'format-results'","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"GitHub Actions workflow named 'Formatter'","Galaxy":[],"ShadowAttribute":[]},{"id":"68539017","type":"campaign-name","category":"Attribution","to_ids":false,"uuid":"32920592-b010-45df-b7c5-56dd8831ff04","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Attributed to the same threat actor as the prior Mini Shai-Hulud campaign; IOC structure and Dune-themed naming convention are consistent","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"Mini Shai-Hulud","Galaxy":[],"ShadowAttribute":[]},{"id":"68539018","type":"campaign-name","category":"Attribution","to_ids":false,"uuid":"fa5cbf10-dda2-4b81-954e-c07d78dedc4c","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Distinguishing campaign prefix used by the threat actor for this operation","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"EveryBoiWeBuildIsAWormyBoi","Galaxy":[],"ShadowAttribute":[]},{"id":"68539019","type":"comment","category":"Other","to_ids":false,"uuid":"0a283843-8f2c-47e9-9275-29ea05f3b489","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Vendor remediation guidance - safe version pin","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"SAFE VERSION: Pin to pytorch-lightning==2.6.1. Vendor (Lightning-AI) has quarantined 2.6.2 and 2.6.3 from PyPI and recommends immediate credential rotation and system rebuild if either version was installed. See GHSA-w37p-236h-pfx3.","Galaxy":[],"ShadowAttribute":[]},{"id":"68539020","type":"comment","category":"Other","to_ids":false,"uuid":"a7fe1f18-c71a-4ef8-8fe6-cf938bc71049","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Investigation status per GHSA-w37p-236h-pfx3 - event analysis set to ongoing (1)","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"ROOT CAUSE: Under active investigation by Lightning-AI as of 2026-04-30. Internal release pipeline credentials revoked and rotated. Vendor advisory scope notes >=2.6.2 as potentially affected; 2.6.2 and 2.6.3 are the confirmed versions. Additional versions not yet ruled out.","Galaxy":[],"ShadowAttribute":[]},{"id":"68539021","type":"comment","category":"Other","to_ids":false,"uuid":"92c134cc-fef7-4219-902f-fabb97a74f3a","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Summary of credential targets","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"Credential targets: GitHub tokens (ghp_, gho_, ghs_), npm tokens (npm_), AWS (env vars, ~/.aws/credentials, IMDSv2, ECS, Secrets Manager, SSM Parameter Store), Azure (DefaultAzureCredential, Key Vault), GCP (GoogleAuth, Secret Manager). GitHub Actions runner memory dumped via embedded Python on Linux to extract isSecret:true values.","Galaxy":[],"ShadowAttribute":[]},{"id":"68539022","type":"comment","category":"Other","to_ids":false,"uuid":"64fb7edf-e58b-4d8b-b072-311a8aeaf168","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Cross-ecosystem npm worm propagation mechanism","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"Worm propagation: if npm publish credentials found, malware injects setup.mjs dropper and router_runtime.js into every npm package accessible with that token, sets scripts.preinstall, bumps patch version, and republishes.","Galaxy":[],"ShadowAttribute":[]},{"id":"68539023","type":"comment","category":"Other","to_ids":false,"uuid":"0501e51c-5d62-4652-bb27-db503ca1a6de","event_id":"404125","distribution":"5","timestamp":"1746057600","comment":"Novel persistence technique via Claude Code hooks","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"This may be among the first documented real-world instances of malware abusing the Claude Code hook system (SessionStart hook with matcher: \"*\") for persistence.","Galaxy":[],"ShadowAttribute":[]}],"ShadowAttribute":[],"RelatedEvent":[{"Event":{"id":"404124","date":"2026-04-30","threat_level_id":"1","info":"Supply Chain Attack: Malicious PyPI Package lightning 2.6.2/2.6.3 (Shai-Hulud / EveryBoiWeBuildIsAWormyBoi Campaign)","published":false,"uuid":"f47ac10b-58cc-4372-a567-0e02b2c3d479","analysis":"1","timestamp":"1746057600","distribution":"3","org_id":"1","orgc_id":"1","Org":{"id":"1","name":"Conostix Demo","uuid":"5480086f-eeab-4170-9a52-db0b94cc38ee"},"Orgc":{"id":"1","name":"Conostix Demo","uuid":"5480086f-eeab-4170-9a52-db0b94cc38ee"}},"RelationshipInbound":[]}],"Galaxy":[],"Object":[],"EventReport":[],"CryptographicKey":[],"Tag":[{"id":"20","name":"tlp:white","colour":"#ffffff","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local_only":false,"local":false,"relationship_type":null},{"id":"36973","name":"type:supply-chain","colour":"#bd30e8","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local_only":false,"local":false,"relationship_type":null},{"id":"36974","name":"malware:credential-stealer","colour":"#11adfa","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local_only":false,"local":false,"relationship_type":null},{"id":"36975","name":"malware:worm","colour":"#7ba9bf","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local_only":false,"local":false,"relationship_type":null},{"id":"36976","name":"campaign:shai-hulud","colour":"#a90e3e","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local_only":false,"local":false,"relationship_type":null},{"id":"36977","name":"ecosystem:pypi","colour":"#dd1fad","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local_only":false,"local":false,"relationship_type":null},{"id":"36978","name":"ecosystem:npm","colour":"#2ad657","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local_only":false,"local":false,"relationship_type":null},{"id":"36979","name":"target:ai-ml","colour":"#173b5d","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local_only":false,"local":false,"relationship_type":null}]}}]}
