From e031bdb218a67f738c9782b03c91e469f5513f87 Mon Sep 17 00:00:00 2001
From: behnazh-w <behnaz.hassanshahi@oracle.com>
Date: Tue, 25 Mar 2025 12:25:58 +1000
Subject: [PATCH] Add tiger packages

Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
---
 osv/malicious/pypi/tig3r/MAL-0000-tig3r.json  | 44 +++++++++++++++++++
 .../pypi/tiger-krd/MAL-0000-tiger-krd.json    | 42 ++++++++++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 osv/malicious/pypi/tig3r/MAL-0000-tig3r.json
 create mode 100644 osv/malicious/pypi/tiger-krd/MAL-0000-tiger-krd.json

diff --git a/osv/malicious/pypi/tig3r/MAL-0000-tig3r.json b/osv/malicious/pypi/tig3r/MAL-0000-tig3r.json
new file mode 100644
index 00000000000..5d7f3ccf82f
--- /dev/null
+++ b/osv/malicious/pypi/tig3r/MAL-0000-tig3r.json
@@ -0,0 +1,44 @@
+{
+  "modified": "2025-02-25T15:52:00Z",
+  "published": "2025-02-25T15:52:00Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in tig3r (PyPI)",
+  "details": "This package is a web scraping tool to perform activities such as logging into Hotmail and checking the availability of emails or user IDs on platforms like TikTok, Instagram, and Telegram. However, these actions could potentially violate the terms of service of the respective providers or be flagged as suspicious activity. Additionally, the tool employs techniques such as randomizing user-agent strings and request data in an attempt to avoid detection.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "tig3r",
+        "purl": "pkg:pypi/tig3r"
+      },
+      "versions": [
+        "0.3",
+        "0.1"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Oracle using Macaron",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/oracle/macaron"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "import_time": "2025-02-25T15:52:00Z",
+        "modified_time": "2025-02-25T15:52:00Z",
+        "sha256": "b2de1543b72bec6f34964bcafdfe13a516ce342d8753885b76480a3caa600525",
+        "source": "Oracle using Macaron",
+        "versions": [
+          "0.3",
+          "0.1"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/pypi/tiger-krd/MAL-0000-tiger-krd.json b/osv/malicious/pypi/tiger-krd/MAL-0000-tiger-krd.json
new file mode 100644
index 00000000000..1e801b95db8
--- /dev/null
+++ b/osv/malicious/pypi/tiger-krd/MAL-0000-tiger-krd.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2025-03-24T10:27:00Z",
+  "published": "2025-03-24T10:27:00Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in tiger-krd (PyPI)",
+  "details": "This package is a web scraping tool to perform activities such as logging into Hotmail and checking the availability of emails or user IDs on platforms like TikTok, Instagram, and Telegram. However, these actions could potentially violate the terms of service of the respective providers or be flagged as suspicious activity. Additionally, the tool employs techniques such as randomizing user-agent strings and request data in an attempt to avoid detection.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "tiger-krd",
+        "purl": "pkg:pypi/tiger-krd"
+      },
+      "versions": [
+        "0.5"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Oracle using Macaron",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/oracle/macaron"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "import_time": "2025-03-24T10:27:00Z",
+        "modified_time": "2025-03-24T10:27:00Z",
+        "sha256": "93dd0e75a31453684e54882708351e38c1d300a8ce4d4dd2add1a793a671d78f",
+        "source": "Oracle using Macaron",
+        "versions": [
+          "0.5"
+        ]
+      }
+    ]
+  }
+}