MALICIOUS (1) campaign cataloged at 2024-08-11(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2024-08-fireindahole.fun

Clones real package and hoddens an obfuscated code trying to run remote scripts as well as establish backdoor through SSH.

Abuse categories

action-hidden-in-lib-usage

Campaign uses action-hidden-in-lib-usage.

backdoor

Campaign uses backdoor.

clons_real_package

The package is a clone of a real package, but with malicious code added.

dependency-confusion

Campaign uses dependency-confusion.

obfuscation

Campaign uses obfuscation.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• fireindahole.fun

• hxxp://main.fireindahole.fun/script4separator.sh

• hxxp://main.fireindahole.fun/script3separator.sh

• hxxps://grabify.link/IFKU0H

Packages in the campaign

campaign:2024-08-fireindahole.fun

• audio-separator-fork