PROBABLY_PENTEST (1) campaign cataloged at 2025-05-28 (2).
(1) Packages that look like typical pentest packages, as well as anything that looks like testing, exploration of pre-prepared kits, research and the like, with clearly low potential for harm.
(2) This is only the date the catalog entry was created. It may not reflect the date the campaign itself was created.
2025-05-caixaequ2ahzoop
The obfuscated code fetches a command from a remote host and executes it. At the time of the test, the command was just "whoami", so it is most likely just an experiment.
Abuse categories
obfuscation
Campaign uses obfuscation.
remote_commands
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
IoCs & related URLs
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
d3gnpasobcdyif.cloudfront.net