MALICIOUS (1) campaign cataloged at 2025-09-26(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-09-bloxypy¶
Attempting to use the module starts obfuscated code containing an infostealer
Abuse categories¶
action-hidden-in-lib-usage
Campaign uses action-hidden-in-lib-usage.
exfiltration_browser_data
Campaign uses exfiltration_browser_data.
infostealer
Campaign uses infostealer.
infostealer:kiwi
Campaign uses infostealer:kiwi.
obfuscation
Campaign uses obfuscation.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
hxxps://discord.com/api/webhooks/1272911919686095030/YFEMYwnHMrm0g0TuWjMYY7eymWSr0Caq-npGXbI5dckduYI8EO7zjwdRq_47G0GP6K6l