@clong
Created September 15, 2017 23:12
Use osquery to find malicious pip packages
SELECT * FROM python_packages WHERE name = 'acqusition' OR name = 'apidev-coop' OR name = 'bzip' OR name = 'crypt' OR name = 'django-server' OR name = 'pwd' OR name = 'setup-tools' OR name = 'telnet' OR name = 'urlib3' OR name = 'urllib';
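Added example, not part of the gist and not osquery code: the same lookup done in Python directly over a site-packages directory. It goes one step further than the query's exact string comparison by matching on PEP 503 normalized names, so case and separator variants of the listed names are also caught. The scanned tree is constructed in a temporary directory, not read from a real install.

```python
import re
import tempfile
from pathlib import Path

# The typosquatted distribution names listed in the gist's osquery query.
MALICIOUS_NAMES = {"acqusition", "apidev-coop", "bzip", "crypt", "django-server",
                   "pwd", "setup-tools", "telnet", "urlib3", "urllib"}

def normalize(name):
    """PEP 503 name normalization: pip treats 'Setup_Tools', 'setup.tools' and
    'setup-tools' as one project, so an exact string match can miss variants."""
    return re.sub(r"[-_.]+", "-", name).lower()

NORMALIZED_MALICIOUS = {normalize(n) for n in MALICIOUS_NAMES}

def dist_name(dist_dir):
    """Read the Name: header from a *.dist-info/METADATA or *.egg-info/PKG-INFO file."""
    for meta in ("METADATA", "PKG-INFO"):
        path = dist_dir / meta
        if path.is_file():
            for line in path.read_text(errors="replace").splitlines():
                if not line.strip():      # blank line ends the header block
                    break
                if line.lower().startswith("name:"):
                    return line.split(":", 1)[1].strip()
    return None

def find_suspicious(site_packages):
    """Return [(installed name, metadata dir)] for every distribution on the list,
    matching on normalized names rather than the raw string the SQL query compares."""
    hits = []
    for d in sorted(Path(site_packages).glob("*-info")):
        name = dist_name(d)
        if name and normalize(name) in NORMALIZED_MALICIOUS:
            hits.append((name, str(d)))
    return hits

def demo_scan():
    """Build a constructed site-packages tree (sample data, not a real install) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for dirname, name in (("urllib3-1.22.dist-info", "urllib3"),        # legitimate package
                              ("urlib3-1.0.dist-info", "urlib3"),           # name from the list
                              ("Setup_Tools-0.1.egg-info", "Setup_Tools")): # variant spelling
            d = Path(tmp) / dirname
            d.mkdir()
            meta = "METADATA" if dirname.endswith(".dist-info") else "PKG-INFO"
            (d / meta).write_text(f"Metadata-Version: 2.1\nName: {name}\nVersion: 0\n\n")
        return [name for name, _ in find_suspicious(tmp)]
```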
@spookerlabs

spookerlabs commented Sep 17, 2017

There is a small typo at urllib3

Original
osquery> SELECT * FROM python_packages WHERE name = 'acqusition' OR name = 'apidev-coop' OR name = 'bzip' OR name = 'crypt' OR name = 'django-server' OR name = 'pwd' OR name = 'setup-tools' OR name = 'telnet' OR name = 'urlib3' OR name = 'urllib';

Modified
osquery> SELECT * FROM python_packages WHERE name = 'acqusition' OR name = 'apidev-coop' OR name = 'bzip' OR name = 'crypt'
OR name = 'django-server' OR name = 'pwd' OR name = 'setup-tools' OR name = 'telnet' OR name = 'urllib3' OR name = 'urllib';
+---------+---------+------------------------------------------------------------------------+---------------+---------+----------------------------------------------------------+
| name | version | summary | author | license | path |
+---------+---------+------------------------------------------------------------------------+---------------+---------+----------------------------------------------------------+
| urllib3 | 1.22 | HTTP library with thread-safe connection pooling, file post, and more. | Andrey Petrov | MIT | /usr/lib/python2.7/site-packages/urllib3-1.22.dist-info/ |
+---------+---------+------------------------------------------------------------------------+---------------+---------+----------------------------------------------------------+
osquery>
