MALICIOUS (1) campaign cataloged at 2025-08-07(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-08-raknet-testing-package

During installation, the package attempts to install the own MITM proxy without user's consent and hijack all requests

Abuse categories

exfiltration_generic

Campaign uses exfiltration_generic.

modify-system-without-consent

Campaign uses modify-system-without-consent.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• 196.251.86.48

• hxxps://www.dropbox.com/scl/fi/6pwocr2yfcaqztfoxkwqm/mitmproxy-ca-cert.pem?rlkey=irl7718in0yr3pwnhgftcm0sm&st=fnll7kc5&dl=1

• hxxps://pastebin.com/raw/hEF5HaFc

Packages in the campaign

campaign:2025-08-raknet-testing-package

• raknet-testing-package
• raknet-testing-package2