HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-01-27(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-01-denisemyname9

Packages contain potentially malicious, RAT-like functionality (creating reverse shell, stealing cookies, etc.), but do not run it. It could be a preparation for something or building a red-team-like tools

Abuse categories

backdoor

Campaign uses backdoor.

exfiltration_browser_data

Campaign uses exfiltration_browser_data.

exfiltration_generic

Campaign uses exfiltration_generic.

remote_commands

The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

revshell

The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

Packages in the campaign

campaign:2025-01-denisemyname9

• justanotherpackage
• thispackagedoesnotexist