MALICIOUS (1) campaign cataloged at 2025-08-28(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-08-kraken-virus¶
As even described, the package contains a malicious code collecting large amount of data. The description suggests educational use, yet, the code can cause real harm. Specifically, the C2 servers defined in the package seems to be selected as trusted domains that would ignore the data sent. However, among them is at least one domain available for sale at the time of analysis - opening the room for collecting data by the uploader.
Abuse categories¶
exfiltration_browser_data
Campaign uses exfiltration_browser_data.
exfiltration_generic
Campaign uses exfiltration_generic.
malware
Campaign uses malware.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
azure-monitor.org