SPAM (1) campaign cataloged at 2025-07-21(2).

1. advertisements, spam packages etc.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-07-vibehat

While dependency confusion is a serious thing, I don't think the solution is to register every possible generic name that could exist in local repositories or imports... (or be generated by AI? This seems to be AI-related thing).

This package (and others from this user) has no real content and seems to be generated by a tool https://github.com/jvlax/vibehat to prevent "dependency confusion", but the scanner takes every local dependency and every non-relative import (https://github.com/jvlax/vibehat/blob/eed43b24b17ba393efc1b4e06aa7f9413559831a/backend/github_scanner.py#L345).

Abuse categories

other

Campaign uses other.

References

Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.

• https://github.com/jvlax/vibehat

• https://github.com/jvlax/vibehat/blob/eed43b24b17ba393efc1b4e06aa7f9413559831a/backend/github_scanner.py#L345

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• vibehat.dev

Packages in the campaign

campaign:2025-07-vibehat

• artificialmasterpiecegenerator
• bruteforcecore
• claim-water
• ctcmodel
• demo-package-for-testing
• diffspeech
• discriminator-conformer
• duration-predictor
• ecapa-tdnn
• engine-eval
• genie-tool
• guidance-model
• logging-loki
• magical-utils
• mujoco-viewer
• nodes-to-csv
• package-publisher
• reconstruct-mcts
• simple-pharos-runner
• spatial-eva
• super-awesome-helper
• test-scan-consistency
• tplr
• transfer-task
• ykgen
• zenith-swap