Skip to content

This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

Notifications You must be signed in to change notification settings

Checkmarx/red-lili

Repository files navigation

illustration

RED-LILI is a software supply chain threat actor which has published over 1500 malicious packages. As Checkmarx uncovered, this attacker has demonstrated new techniques that power him with automated NPM account creation.

This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

Visit https://red-lili.info

Sample files

The original package evidence sample files as they were originally published to NPM included with related metadata are available in the ./samples directory. Make sure to read the README.md file before usage.

About

This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

Topics

Resources

Stars

Watchers

Forks

Languages