MALICIOUS (1) campaign cataloged at 2025-09-03(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-08-learning-pypi-demo-nisimi¶
Installing packages exfiltrates data (different in different packages and versions) or run revshells
Abuse categories¶
exfiltration_generic
Campaign uses exfiltration_generic.
revshell
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
-
evduuu5l01di1hdn9i5qslhxzo5ft6ju8.oastify.com
-
xz0dyd944kh150h6d199w4lg379yx0lp.oastify.com
-
v95b8bj2eirzfyr4nzj762ved5jw71vq.oastify.com