Tag
critical
advisory
Atomic Arch Campaign Leverages Orphaned AUR Packages for Linux Payload Deployment
3 rules, 14 TTPs, 6 IOCs
The Atomic Arch campaign compromises orphaned Arch User Repository (AUR) packages, modifying their PKGBUILDs to install malicious npm/Bun dependencies like 'atomic-lockfile', which deploy a Linux payload with credential harvesting, eBPF-based stealth, anti-debugging, and data exfiltration capabilities, impacting approximately 1,500 packages.
Arch User Repository
supply-chain-attack
npm
bun
linux
malware
credential-harvesting
eBPF
rootkit
low
advisory
Uncommon DNS Requests via Bun or Node.js
2 rules, 2 TTPs
Detection of uncommon DNS requests originating from Bun or Node.js processes, potentially indicating malicious code execution following a supply chain attack.
Elastic Endpoint
supply-chain
command-and-control
dns
nodejs
bun