HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-06-15(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-06-dcrb

Included executable, which is run by a command, implements a Discord bot designed to control the computer (including executing arbitrary commands). While such things can be used in legitimate cases, this executable has an embedded bot credentials, so it will join the server controlled by the uploader

Abuse categories

remote_commands

The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

References

Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.

• VirusTotal results

• https://www.pylingual.io/view_chimera?identifier=6e6155076af26e72c216172630e3991188c63f22637ca2dcd7338830e4175fc4

• https://www.pylingual.io/view_chimera?identifier=0b075fcf3e2037a34fc2329e10ac9bb233f4f12fb0662f409f0d3f4b34c293cf

• VirusTotal results

Packages in the campaign

campaign:2025-06-dcrb

• dcrb
• dcrbo